Jan Lehnardt created COUCHDB-2495:
-------------------------------------
Summary: Switch PBKDF2 to SHA256
Key: COUCHDB-2495
URL: https://issues.apache.org/jira/browse/COUCHDB-2495
Project: CouchDB
Issue Type: Improvement
Security Level: public (Regular issues)
Components: Database Core
Reporter: Jan Lehnardt
We currently use SHA1 for PBKDF2 hashing. While the way SHA1 is used, this
doesn’t pose a security issue, it is generally advisable to use a newer hash
function, e.g. SHA256. [~kxepal] noted on the user@ list, that this would leave
older Erlang versions (R14 and R15) behind, so we can’t do it right now, but we
should think about it for the future.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
