Thanks a lot Peter, now I'm back and ready to help :)
Would appreciate hearing any thoughts regarding "soft" changing of the password hash function

On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <[email protected]> wrote:

> so.. now it is time I think...
>
> Congratulations! I hope you had a nice wedding and a few relaxing days...
>
> Greetings Peter
>
> On 24.05.2017 at 12:03, Peter Dähn wrote:
>
>> ok.. then good luck...
>>
>> and best wishes when you are back... ;-)
>>
>> On 24.05.2017 at 11:57, Maxim Solodovnik wrote:
>>
>>> Thanks :)
>>>
>>> I'll be on vacation for the next 2 weeks, with rare access to the email from my phone, so no rush :)
>>>
>>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <[email protected]> wrote:
>>>
>>>> ok.. need to think about it... ;-)
>>>>
>>>> I will be back in office next week... maybe with "THE IDEA".. or maybe not... ;-)
>>>>
>>>> Greetings Peter
>>>>
>>>> On 24.05.2017 at 11:21, Maxim Solodovnik wrote:
>>>>
>>>>> It is all discussible :)
>>>>>
>>>>> 3.0.7 still uses MD5CryptImplementation
>>>>> <https://github.com/apache/openmeetings/blob/3.0.x/src/util/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>>> which is not secure at all :(((
>>>>> We can add back SHA256Implementation
>>>>> <https://github.com/apache/openmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java>
>>>>> (available since 3.1.x) for compatibility reasons, but I'm afraid there is no clean way to perform backup and preserve passwords .....
>>>>>
>>>>> I thought maybe we can add "Reset All passwords" admin function, but it is totally insecure :(
>>>>> Any ideas are appreciated :)
>>>>>
>>>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <[email protected]> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I think further investigation is not needed. I just didn't see it before...
>>>>>>
>>>>>> Is this behavior the final state? Then it will be difficult to update my installation (3.0.7). This also should be the problem with any installation before 3.3.0. Isn't it?
>>>>>>
>>>>>> Greetings Peter
>>>>>>
>>>>>> On 24.05.2017 at 11:07, Maxim Solodovnik wrote:
>>>>>>
>>>>>>> Hello Peter,
>>>>>>>
>>>>>>> these debug messages are OK during import (I can perform further investigation, but I believe this is not an issue)
>>>>>>>
>>>>>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger Password rules ...
>>>>>>> You were unable to login after restore from backup since Password Crypt was changed to the SCrypt, which is stronger than SHA512 used before
>>>>>>>
>>>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <[email protected]> wrote:
>>>>>>>
>>>>>>>> I tried to reset the password. I got the following message:
>>>>>>>>
>>>>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>>>>>>
>>>>>>>> Could this be the problem? I think this shouldn't be like that, because there wasn't such a restriction before.
>>>>>>>>
>>>>>>>> Greetings Peter
>>>>>>>>
>>>>>>>> On 24.05.2017 at 10:21, Peter Dähn wrote:
>>>>>>>>
>>>>>>>>> Hi Maxim,
>>>>>>>>>
>>>>>>>>> I wanted to try out html5 video components...
>>>>>>>>>
>>>>>>>>> While importing my backup (worked before) I got a lot of these messages below.
>>>>>>>>>
>>>>>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [GRANTED]
>>>>>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [DENIED]
>>>>>>>>>
>>>>>>>>> I never noticed these ones before. After starting the server, I couldn't login with my admin user. "Username/email and/or password are incorrect."
>>>>>>>>>
>>>>>>>>> Any ideas?
>>>>>>>>>
>>>>>>>>> Greetings Peter

--
WBR
Maxim aka solomax
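One common way to change a password hash function "softly" is to keep verifying old records with the old scheme and rehash with the new one at each user's next successful login. The sketch below is an added example, not part of the thread and not OpenMeetings code; the record layout, the scrypt parameters and the unsalted SHA-256 stand-in for the legacy scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Assumed parameters and record layout, constructed for this example.
N, R, P, DKLEN = 2**14, 8, 1, 32
LEGACY_RE = re.compile(r"^[0-9a-f]{64}$")  # stand-in legacy format: SHA-256 hex


def legacy_hash(password):
    """Stand-in for the old scheme (assumption: unsalted SHA-256, hex)."""
    return hashlib.sha256(password.encode()).hexdigest()


def scrypt_hash(password, salt=None):
    """New-scheme record: scheme tag, cost parameters, salt and key together."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${N}${R}${P}${salt.hex()}${key.hex()}"


def verify_scrypt(password, record):
    try:
        _, n, r, p, salt_hex, key_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
        key = hashlib.scrypt(password.encode(), salt=salt, n=int(n), r=int(r),
                             p=int(p), dklen=len(expected))
    except ValueError:  # malformed record or invalid parameters
        return False
    return hmac.compare_digest(key, expected)


def login(users, name, password):
    """Check a login; a legacy record is rehashed with scrypt on success."""
    record = users.get(name)
    if record is None:
        return False
    if record.startswith("scrypt$"):
        return verify_scrypt(password, record)
    if LEGACY_RE.match(record) and hmac.compare_digest(legacy_hash(password), record):
        users[name] = scrypt_hash(password)  # only now is the plaintext available
        return True
    return False


if __name__ == "__main__":
    users = {"admin": legacy_hash("Old-pass1!")}  # constructed, as if restored from a backup
    print(login(users, "admin", "Old-pass1!"), users["admin"].split("$")[0])
```

Accounts that never log in keep their legacy hash, so this approach still needs a cut-off date or a per-user reset for the records that remain.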
