On 14/07/2017 10:48, Colm O hEigeartaigh wrote:
Should we change the default password algorithm from SHA1 for 2.1.0? It's
probably time to migrate from SHA1 IMO.
Makes sense.
The only problem I could see if when pulling hashed password values from
LDAP, where SHA1 is still quite common. Not a big deal, anyway.
Which algorithm do you propose?
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
