[
https://issues.apache.org/jira/browse/OFBIZ-9150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15760451#comment-15760451
]
wangjunyuan commented on OFBIZ-9150:
------------------------------------
I would like to continue this task, I will submit this patch at the end of the
month before.
> Create a tool to hashes all our OOTB passwords using PBKDF2_SHA512
> ------------------------------------------------------------------
>
> Key: OFBIZ-9150
> URL: https://issues.apache.org/jira/browse/OFBIZ-9150
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Reporter: Jacques Le Roux
> Priority: Minor
>
> Currently we use SHA1 for our OOTB password hashes and they are not salted.
> If you create new passwords they will still use SHA1 but they will be salted,
> which is good.
> But we had better provide SHA-512 OOTB hashes instead of SHA-1. And use
> SHA-512 as default encrypting method (even for fields), with at least 10 000
> iterations, to lead our users to the best solution.
> We should also provide simple and easy documentation about that. So far we
> have this discussion http://markmail.org/message/yqybsqzigrqbyxgf
> I suggest improving/enhancing
> https://cwiki.apache.org/confluence/display/OFBIZ/How+to+secure+your+deployment
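The difference the issue describes, between unsalted SHA-1 hashes and salted PBKDF2 with SHA-512 at 10 000 iterations, shown as an added example that is not code from OFBiz or from the patch discussed here. The class name, the sample password and the stored-string layout (`prefix`, iterations, salt, hash separated by `$`) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class Pbkdf2Demo {
    static final int ITERATIONS = 10_000;           // minimum proposed in the issue
    static final int KEY_BITS = 512;                // output size of SHA-512
    static final String PREFIX = "{PBKDF2-SHA512}"; // assumed label, not OFBiz's format

    static byte[] derive(char[] pw, byte[] salt, int iter) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }
    // Fresh random salt per password, stored next to the hash with the iteration count.
    static String hash(char[] pw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return PREFIX + ITERATIONS + "$" + b64.encodeToString(salt)
                + "$" + b64.encodeToString(derive(pw, salt, ITERATIONS));
    }
    // Re-derive with the stored salt and iteration count; compare in constant time.
    static boolean verify(char[] pw, String stored) throws Exception {
        if (!stored.startsWith(PREFIX)) return false;
        String[] p = stored.substring(PREFIX.length()).split("\\$");
        if (p.length != 3) return false;
        byte[] salt = Base64.getDecoder().decode(p[1]);
        byte[] expected = Base64.getDecoder().decode(p[2]);
        return MessageDigest.isEqual(expected, derive(pw, salt, Integer.parseInt(p[0])));
    }
    // Unsalted SHA-1, the scheme the issue wants to move away from.
    static byte[] sha1(String pw) throws Exception {
        return MessageDigest.getInstance("SHA-1").digest(pw.getBytes(StandardCharsets.UTF_8));
    }
    public static void main(String[] args) throws Exception {
        String pw = "example-password"; // constructed sample value
        System.out.println("unsalted SHA-1 repeats: " + MessageDigest.isEqual(sha1(pw), sha1(pw)));
        String a = hash(pw.toCharArray()), b = hash(pw.toCharArray());
        System.out.println("salted PBKDF2 repeats:  " + a.equals(b));
        System.out.println("correct password:       " + verify(pw.toCharArray(), a));
        System.out.println("wrong password:         " + verify("wrong".toCharArray(), a));
    }
}
```

Because the iteration count is stored with each hash, it can be raised later for new passwords without invalidating existing entries.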