Posted to dev@ofbiz.apache.org by "Wickersheimer Jeremy (JIRA)" <ji...@apache.org> on 2007/07/17 10:06:05 UTC

[jira] Issue Comment Edited: (OFBIZ-1151) Passwords are not seeded

    [ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12513177 ] 

Wickersheimer Jeremy edited comment on OFBIZ-1151 at 7/17/07 1:05 AM:
----------------------------------------------------------------------

Yes,

The nabble link is the problem exactly. Someone proposed to salt the passwords which is what should be done.

The modification would be trivial really.
- When you store a password you generate a random salt
- Then you store in the DB two fields: the "salt" (hash of a random string), and the "hashed(salt+password)"
When you check a password, you just need to re-add the salt before hashing and comparing to the DB.

You can also concatenate the salt and hashed(salt+pass) in one field because both have predefined size.


 was:
PS: the second link is the problem exactly. Someone proposed to salt the passwords which is what should be done.

The modification would be trivial really.
- When you store a password you generate a random salt
- Then you store in the DB two fields: the "salt" (hash of a random string), and the "hashed(salt+password)"
When you check a password, you just need to re-add the salt before hashing and comparing to the DB.

You can also concatenate the salt and hashed(salt+pass) in one field because both have predefined size.

> Passwords are not seeded
> ------------------------
>
>                 Key: OFBIZ-1151
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1151
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: party
>    Affects Versions: SVN trunk, Release Branch 4.0
>            Reporter: Wickersheimer Jeremy
>            Priority: Minor
>
> Passwords are currently hashed but not seeded, which may be a security issue.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
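The scheme the comment describes (random salt per password, store hashed(salt+password), keep salt and digest in one fixed-size field, re-add the salt on check), written out as an added example that is not OFBiz code and not the commenter's. It assumes a 16-byte salt and SHA-256, which the issue does not specify, and adds a constant-time comparison; `unsalted_hash` shows the weakness the issue reports, where two users with the same password get identical records.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Assumed parameters (not from the OFBiz issue): 16-byte salt, SHA-256 digest.
SALT_LEN = 16
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def unsalted_hash(password: str) -> str:
    """The weakness the issue reports: hash(password) with no salt, so every
    user with the same password stores the same value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Build the single DB field: salt || sha256(salt + password), hex-encoded.
    Both parts have a predefined size, so no separator is needed."""
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)  # fresh random salt per password
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly %d bytes" % SALT_LEN)
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return (salt + digest).hex()


def check_password(record: str, password: str) -> bool:
    """Split the stored field, re-add the salt, hash, compare in constant time.
    A malformed record is rejected rather than raising."""
    try:
        raw = bytes.fromhex(record)
    except ValueError:
        return False
    if len(raw) != SALT_LEN + DIGEST_LEN:
        return False
    salt, stored = raw[:SALT_LEN], raw[SALT_LEN:]
    candidate = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return hmac.compare_digest(candidate, stored)


def same_records(password: str) -> Tuple[bool, bool]:
    """For two users sharing a password: (unsalted records equal, salted equal)."""
    unsalted = unsalted_hash(password) == unsalted_hash(password)
    salted = make_record(password) == make_record(password)
    return unsalted, salted
```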