[
https://jira.duraspace.org/browse/DS-861?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mark H. Wood reassigned DS-861:
-------------------------------
Assignee: Mark H. Wood
> Salt PasswordAuthentication
> ---------------------------
>
> Key: DS-861
> URL: https://jira.duraspace.org/browse/DS-861
> Project: DSpace
> Issue Type: Improvement
> Components: DSpace API
> Affects Versions: 1.7.0
> Reporter: Alex Lemann
> Assignee: Mark H. Wood
>
> DSpace does not store and use salted hash passwords for local database based
> authentication (PasswordAuthentication). This constitutes a security risk in
> that given a database dump an attacker can more easily crack passwords using
> a rainbow table. For more information see the wikipedia article on salting
> password hashes:
> http://en.wikipedia.org/wiki/Salt_(cryptography)
> Possible Tasks:
> Create new configuration parameter for the salt value
> Automatically generate a securely random hash for new projects
> Document new configuration option & install information
> Store salted hashes in passwords in DB
> Use salt for authentication
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.duraspace.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Got Input? Slashdot Needs You.
Take our quick survey online. Come on, we don't ask for help often.
Plus, you'll get a chance to win $100 to spend on ThinkGeek.
http://p.sf.net/sfu/slashdot-survey
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
