[
https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12858370#action_12858370
]
Adam Heath commented on OFBIZ-1151:
-----------------------------------
I actually have a patch for this now. Existing database entries will continue
to work, while changing a password will end up being salted. The salt is
randomly generated each and every time a password is hashed. There is no
globally shared salt at any point. The length of the salt is from 1 to 16
chars, and the content is also random.
> Passwords are not seeded
> ------------------------
>
> Key: OFBIZ-1151
> URL: https://issues.apache.org/jira/browse/OFBIZ-1151
> Project: OFBiz
> Issue Type: Sub-task
> Components: party
> Affects Versions: Release Branch 4.0, SVN trunk
> Reporter: Wickersheimer Jeremy
> Assignee: Jacques Le Roux
> Priority: Minor
>
> Password are currently hashed but not seeded which may be a security issue.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
