Jacques Le Roux created OFBIZ-9150:
--------------------------------------
Summary: Create a tool to hashes all our OOTB passwords using
PBKDF2_SHA512
Key: OFBIZ-9150
URL: https://issues.apache.org/jira/browse/OFBIZ-9150
Project: OFBiz
Issue Type: Sub-task
Components: framework
Reporter: Jacques Le Roux
Priority: Minor
Currently we use SHA1 for our OOTB passwords hashes and they are not salted.
If you create new passwords they will still use SHA1 but they will be salted,
which is good.
But we should better provide SHA-512 OOTB hashes instead of SHA-1. And use
SHA-512 as default encrypting method (even for fields), with at least 10 000
iterations, to lead our users to the best solution.
We should also provide a simple and easy documentation about that. So far we
have this discussion http://markmail.org/message/yqybsqzigrqbyxgf
I suggest to improve/enhance
https://cwiki.apache.org/confluence/display/OFBIZ/How+to+secure+your+deployment
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
