Hi, On Sun, Mar 12, 2017 at 7:59 AM, Ruwan Abeykoon <[email protected]> wrote:
> Hi All, > Can the hash algorithm change over the time? > If so we need to record the hash algorithm used to do hashing along with > the particular password history record. We need to use the particular > algorithm to do the comparison, not the system configured one. > In addition to the hashing algo, we should store the key length and the iteration count. We have given the option to configure these properties for the credential stores and we should do the same for password history management. Since we are storing the current password in the history table, the hashing mechanism should be similar to that of the credential stores. Regards, Omindu. > > Cheers, > Ruwan > > > On Sun, Mar 12, 2017 at 7:44 AM, Gayan Gunawardana <[email protected]> wrote: > >> Hi All, >> >> We are in the process of implementing password history validation feature >> for IS 6.0.0. Architecture of this feature was previously discussed in [1] >> by Isura for IS 5.3.0. We plan to follow same architecture with minor >> changes. >> >> Previously history validation has been done by checking only last 'n' >> number of attempts. Ex. you cannot use a password which is inside last 5 >> attempts. This time we additionally validate time factor as well Ex. you >> cannot use a password, if there is a similar password with created date >> inside last 7days. >> >> Table structure will be changed as below since we have unique user ID in >> C5. >> >> *Previous * >> >> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA ( >> ID INTEGER NOT NULL AUTO_INCREMENT, >> USER_NAME VARCHAR(255) NOT NULL, >> USER_DOMAIN VARCHAR(127) NOT NULL, >> TENANT_ID INTEGER DEFAULT -1, >> SALT_VALUE VARCHAR(255), >> HASH VARCHAR(255) NOT NULL, >> TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, >> PRIMARY KEY(ID), >> UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH) >> )ENGINE INNODB; >> >> >> *New * >> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA ( >> ID INTEGER NOT NULL AUTO_INCREMENT, >> USER_UNIQUE_ID VARCHAR(255) NOT NULL, >> SALT_VALUE VARCHAR(255), >> HASH VARCHAR(255) NOT NULL, >> TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, >> PRIMARY KEY(ID), >> UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH) >> )ENGINE INNODB; >> >> Password Hashing algorithm will be a configurable property. >> >> [1] [Architecture] Force Password Reset and Password History validation >> >> Thanks, >> Gayan >> >> -- >> Gayan Gunawardana >> Software Engineer; WSO2 Inc.; http://wso2.com/ >> Email: [email protected] >> Mobile: +94 (71) 8020933 >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > > *Ruwan Abeykoon* > *Associate Director/Architect**,* > *WSO2, Inc. http://wso2.com <https://wso2.com/signature> * > *lean.enterprise.middleware.* > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
