[ https://jira.duraspace.org/browse/DS-861?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mark H. Wood updated DS-861:
----------------------------

    Fix Version/s: 3.0

> Salt PasswordAuthentication
> ---------------------------
>
>                 Key: DS-861
>                 URL: https://jira.duraspace.org/browse/DS-861
>             Project: DSpace
>          Issue Type: Improvement
>          Components: DSpace API
>    Affects Versions: 1.7.0
>            Reporter: Alex Lemann
>            Assignee: Mark H. Wood
>             Fix For: 3.0
>
>
> DSpace does not store and use salted hash passwords for local database based
> authentication (PasswordAuthentication). This constitutes a security risk in
> that given a database dump an attacker can more easily crack passwords using
> a rainbow table. For more information see the Wikipedia article on salting
> password hashes:
> http://en.wikipedia.org/wiki/Salt_(cryptography)
> Possible Tasks:
> Create new configuration parameter for the salt value
> Automatically generate a securely random hash for new projects
> Document new configuration option & install information
> Store salted hashes in passwords in DB
> Use salt for authentication

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.duraspace.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
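As an added illustration of the risk the issue describes (this is not DSpace code and not part of the JIRA message), the Java sketch below contrasts an unsalted digest, which maps the same password to the same stored value for every account, with a salted hash that verifies correctly but differs per account. The class name, the `salt:hash` storage format, the use of PBKDF2 and the iteration count are assumptions of the example; it draws a random salt per account rather than reading a single configured value.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltedPasswordDemo {
    static final int ITERATIONS = 100_000; // example work factor (assumption)
    static final SecureRandom RNG = new SecureRandom();

    // Unsalted digest: one precomputed table covers every account in a dump.
    static String unsalted(String pw) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(pw.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    // PBKDF2-HMAC-SHA256 over the password and the account's salt.
    static byte[] derive(String pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt, ITERATIONS, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Value to store in the password column: "salt:hash", both Base64. The salt is not secret.
    static String store(String pw) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + ":" + enc.encodeToString(derive(pw, salt));
    }

    // Re-derive with the stored salt and compare in constant time.
    static boolean verify(String pw, String stored) throws Exception {
        String[] parts = stored.split(":", 2);
        if (parts.length != 2) return false;
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        byte[] expected = Base64.getDecoder().decode(parts[1]);
        return MessageDigest.isEqual(expected, derive(pw, salt));
    }

    public static void main(String[] args) throws Exception {
        String pw = "correct horse battery staple"; // constructed sample password
        System.out.println("unsalted values equal: " + unsalted(pw).equals(unsalted(pw)));
        String a = store(pw), b = store(pw); // two accounts sharing one password
        System.out.println("salted values equal:   " + a.equals(b));
        System.out.println("verify correct: " + (verify(pw, a) && verify(pw, b)));
        System.out.println("verify wrong:   " + verify("wrong", a));
    }
}
```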