On Mon, Mar 13, 2017 at 5:00 PM, Omindu Rathnaweera <[email protected]> wrote:
> Hi,
>
> On Sun, Mar 12, 2017 at 7:59 AM, Ruwan Abeykoon <[email protected]> wrote:
>
>> Hi All,
>> Can the hash algorithm change over time?
>> If so we need to record the hash algorithm used to do the hashing along with
>> the particular password history record. We need to use that particular
>> algorithm to do the comparison, not the system-configured one.
>>
>
> In addition to the hashing algorithm, we should store the key length and the
> iteration count. We have given the option to configure these properties for
> the credential stores and we should do the same for password history
> management. Since we are storing the current password in the history table,
> the hashing mechanism should be similar to that of the credential stores.
>

Will the hashing mechanism (i.e. algorithm, key length, iteration count) be the same for all hashing algorithms? In that case, how do we handle such a scenario when storing hashing-mechanism-related data in the database? When hashing mechanisms differ from one another, we will definitely not be able to have a fixed column structure in the table.

>
> Regards,
> Omindu.
>
>>
>> Cheers,
>> Ruwan
>>
>>
>> On Sun, Mar 12, 2017 at 7:44 AM, Gayan Gunawardana <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> We are in the process of implementing the password history validation
>>> feature for IS 6.0.0. The architecture of this feature was previously discussed
>>> in [1] by Isura for IS 5.3.0. We plan to follow the same architecture with
>>> minor changes.
>>>
>>> Previously, history validation was done by checking only the last 'n'
>>> attempts. Ex. you cannot use a password which is inside the last 5
>>> attempts. This time we additionally validate a time factor as well. Ex. you
>>> cannot use a password if there is a similar password with a created date
>>> inside the last 7 days.
>>>
>>> The table structure will be changed as below, since we have a unique user ID in
>>> C5.
>>>
>>> *Previous*
>>>
>>> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
>>>     ID INTEGER NOT NULL AUTO_INCREMENT,
>>>     USER_NAME VARCHAR(255) NOT NULL,
>>>     USER_DOMAIN VARCHAR(127) NOT NULL,
>>>     TENANT_ID INTEGER DEFAULT -1,
>>>     SALT_VALUE VARCHAR(255),
>>>     HASH VARCHAR(255) NOT NULL,
>>>     TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>>>     PRIMARY KEY(ID),
>>>     UNIQUE (USER_NAME, USER_DOMAIN, TENANT_ID, SALT_VALUE, HASH)
>>> ) ENGINE INNODB;
>>>
>>>
>>> *New*
>>>
>>> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
>>>     ID INTEGER NOT NULL AUTO_INCREMENT,
>>>     USER_UNIQUE_ID VARCHAR(255) NOT NULL,
>>>     SALT_VALUE VARCHAR(255),
>>>     HASH VARCHAR(255) NOT NULL,
>>>     TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>>>     PRIMARY KEY(ID),
>>>     -- USER_NAME, USER_DOMAIN and TENANT_ID no longer exist in this table;
>>>     -- the unique constraint covers the remaining columns
>>>     UNIQUE (USER_UNIQUE_ID, SALT_VALUE, HASH)
>>> ) ENGINE INNODB;
>>>
>>> The password hashing algorithm will be a configurable property.
>>>
>>> [1] [Architecture] Force Password Reset and Password History validation
>>>
>>> Thanks,
>>> Gayan
>>>
>>> --
>>> Gayan Gunawardana
>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: [email protected]
>>> Mobile: +94 (71) 8020933
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>>
>> *Ruwan Abeykoon*
>> *Associate Director/Architect,*
>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature>*
>> *lean.enterprise.middleware.*
>>
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Omindu Rathnaweera
> Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
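The thread raises two design points: a history record must carry the hash algorithm, iteration count and key length it was created with (so comparison uses the record's own parameters, not the currently configured ones), and the table still needs a fixed column structure even when those parameters vary. The following is an added illustration, not WSO2 code and not the IS 6.0.0 implementation: it resolves both points by storing a self-describing hash string in one column (the `algo$iterations$key_len$salt$digest` encoding, the `SUPPORTED` map and `CURRENT_PARAMS` are assumptions for this example) and validates both the last-n and the last-d-days windows described in the thread, on an in-memory SQLite table whose schema is modelled on, but not identical to, the proposed one.

```python
import hashlib
import hmac
import os
import sqlite3
from datetime import datetime, timedelta, timezone
from typing import Optional

# Fixed-column schema (assumed for this example, not the WSO2 table): the HASH
# column is self-describing, so algorithm, iteration count, key length and salt
# travel with each record and no per-algorithm columns are needed.
SCHEMA = """
CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
    ID INTEGER PRIMARY KEY AUTOINCREMENT,
    USER_UNIQUE_ID VARCHAR(255) NOT NULL,
    HASH VARCHAR(512) NOT NULL,
    TIME_CREATED TIMESTAMP NOT NULL,
    UNIQUE (USER_UNIQUE_ID, HASH)
);
"""

# Algorithm label used in the encoded string -> hashlib digest for PBKDF2-HMAC (assumed names).
SUPPORTED = {"pbkdf2_sha256": "sha256", "pbkdf2_sha512": "sha512"}

# System-wide configuration; changing it must not break comparison against older rows.
CURRENT_PARAMS = {"algo": "pbkdf2_sha256", "iterations": 100_000, "key_len": 32}


def make_record(password: str, params: dict = CURRENT_PARAMS, salt: Optional[bytes] = None) -> str:
    """Encode a password as 'algo$iterations$key_len$salt_hex$digest_hex'."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(SUPPORTED[params["algo"]], password.encode("utf-8"),
                                 salt, params["iterations"], params["key_len"])
    return "$".join([params["algo"], str(params["iterations"]), str(params["key_len"]),
                     salt.hex(), digest.hex()])


def matches(password: str, record: str) -> bool:
    """Recompute with the parameters stored in the record, never the current configuration."""
    algo, iterations, key_len, salt_hex, digest_hex = record.split("$")
    if algo not in SUPPORTED:
        raise ValueError("history record uses an unknown hash algorithm: " + algo)
    digest = hashlib.pbkdf2_hmac(SUPPORTED[algo], password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations), int(key_len))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


class PasswordHistory:
    """Rejects a password found in the last `count` records or in any record from the last `days` days."""

    def __init__(self, conn: sqlite3.Connection, count: int = 5, days: int = 7):
        self.conn, self.count, self.days = conn, count, days
        conn.executescript(SCHEMA)

    def add(self, user_id: str, password: str, when: Optional[datetime] = None,
            params: dict = CURRENT_PARAMS) -> None:
        when = when or datetime.now(timezone.utc)
        self.conn.execute(
            "INSERT INTO IDN_PASSWORD_HISTORY_DATA (USER_UNIQUE_ID, HASH, TIME_CREATED) VALUES (?, ?, ?)",
            (user_id, make_record(password, params), when.isoformat()))

    def is_reused(self, user_id: str, password: str, now: Optional[datetime] = None) -> bool:
        now = now or datetime.now(timezone.utc)
        cutoff = now - timedelta(days=self.days)
        rows = self.conn.execute(
            "SELECT HASH, TIME_CREATED FROM IDN_PASSWORD_HISTORY_DATA "
            "WHERE USER_UNIQUE_ID = ? ORDER BY TIME_CREATED DESC, ID DESC", (user_id,)).fetchall()
        for index, (record, created) in enumerate(rows):
            in_count_window = index < self.count
            in_time_window = datetime.fromisoformat(created) >= cutoff
            # Only hash against rows that one of the two windows still covers.
            if (in_count_window or in_time_window) and matches(password, record):
                return True
        return False


def demo() -> dict:
    """Constructed scenario: rows hashed under an earlier configuration, then the config changes."""
    old_params = {"algo": "pbkdf2_sha512", "iterations": 2000, "key_len": 64}  # differs from CURRENT_PARAMS
    now = datetime(2017, 3, 13, 17, 0, tzinfo=timezone.utc)
    history = PasswordHistory(sqlite3.connect(":memory:"), count=2, days=7)
    for days_ago, password in ((10, "pw-a"), (5, "pw-b"), (1, "pw-c"), (0, "pw-d")):
        history.add("user-1", password, now - timedelta(days=days_ago), params=old_params)
    return {
        "in_last_2": history.is_reused("user-1", "pw-c", now),        # count window
        "in_last_7_days": history.is_reused("user-1", "pw-b", now),   # time window only
        "expired": history.is_reused("user-1", "pw-a", now),          # outside both windows
        "never_used": history.is_reused("user-1", "pw-e", now),
    }


if __name__ == "__main__":
    print(demo())
```

Because every comparison re-reads the parameters from the record, raising `CURRENT_PARAMS` (or switching the algorithm label) only affects rows written from that point on; a record whose algorithm label is no longer in `SUPPORTED` raises rather than silently failing to match, which is the case a migration plan has to handle explicitly.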
