[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15722402#comment-15722402 ] Jacques Le Roux commented on OFBIZ-8537: Done at http://markmail.org/message/vtwktynlecx7lczl > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Issue Comment Deleted] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux updated OFBIZ-8537: --- Comment: was deleted (was: I concur, thanks Junyuan, this is much appreciated :)) > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15722234#comment-15722234 ] Jacques Le Roux commented on OFBIZ-8537: I concur, thanks Junyuan, this is much appreciated :) > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Assigned] (OFBIZ-6919) New implementation of Birt. Easier user possibility of report creation
[
https://issues.apache.org/jira/browse/OFBIZ-6919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux reassigned OFBIZ-6919:
--
Assignee: Jacques Le Roux
> New implementation of Birt. Easier user possibility of report creation
> --
>
> Key: OFBIZ-6919
> URL: https://issues.apache.org/jira/browse/OFBIZ-6919
> Project: OFBiz
> Issue Type: New Feature
> Components: specialpurpose/birt
>Affects Versions: Trunk
>Reporter: François Wurmser
>Assignee: Jacques Le Roux
>Priority: Minor
> Fix For: Upcoming Release
>
>
> This is a new implementation of Birt. It allows the creation of "report
> masters" by the developer, which will in turn let the user create its own
> reports. Data connection of report is fully generated by OFBiz based on
> report master. Design is user made.
> Filtering is made via content forms stored in the database ("FORM_COMBINED")
> data_resource.
> The patch should be available in a few days.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15722019#comment-15722019 ] Michael Brohl commented on OFBIZ-8537: -- Agree, thanks Jacques. > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15722017#comment-15722017 ] Jacques Le Roux commented on OFBIZ-8537: I concur, thanks Junyuan, this is much appreciated :) > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15722016#comment-15722016 ] Jacques Le Roux commented on OFBIZ-8537: When it comes to security it's better to rely on last improvements than an old RFC from year 2000. There is also an improvement on PBKDF2, but at least PBKDF2 is better than SHA-1. I also agree with Pierre that we should better discuss this on the dev ML, notably by asking Grégory (ou security expert) about what he thinks about that. I'll do... > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15721938#comment-15721938 ] Pierre Smits commented on OFBIZ-8537: - That discussion is much broader than this issue tries to solve. It is also more fitting to be discussed in the dev ML as it should pobably be part of http://ofbiz.markmail.org/message/bjcwhitfd3elutgi , > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15721925#comment-15721925 ] Michael Brohl edited comment on OFBIZ-8537 at 12/5/16 10:47 AM: I ask myself if we should introduce PBKDF2 if it is not RFC compliant (which I have not checked) and has known weaknesses and/or better solutions are available? was (Author: mbrohl): I ask myself if we should introduce PBKDF2 if it is not RFC compliant and has known weaknesses and/or better solutions are available? > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15721925#comment-15721925 ] Michael Brohl commented on OFBIZ-8537: -- I ask myself if we should introduce PBKDF2 if it is not RFC compliant and has known weaknesses and/or better solutions are available? > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15721921#comment-15721921 ] Jacques Le Roux commented on OFBIZ-8537: Also this is interesting https://cryptosense.com/parameter-choice-for-pbkdf2/ That's why I suggest we use PBKDF2 rather than the old SHA-1 > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15721910#comment-15721910 ] Jacques Le Roux commented on OFBIZ-8537: Hi Guys we crossed on wire, see my comments at http://markmail.org/message/n6mpoklnecsmmuwi I was not aware that "PBKDF2 is not compliant with RFC standard" as you said Jinghai. Where can I find this information? BTW note that it has already been superceded https://en.wikipedia.org/wiki/PBKDF2#Alternatives_to_PBKDF2 > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15721836#comment-15721836 ] Michael Brohl commented on OFBIZ-8537: -- Thank you, [~shi.jinghai]! > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15721834#comment-15721834 ] Michael Brohl commented on OFBIZ-8537: -- Noone said that, I guess. For this issue, the entry should be changed back because it introduces an inconsistency in the commit. If you want to remove the flexadmin entries, this is another case and should be filed in another JIRA. It has nothing to do with this issue. > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15721830#comment-15721830 ] Shi Jinghai commented on OFBIZ-8537: Thanks Michael for reviewing and Pierre for the suggestion on password format (see https://github.com/hamano/openldap-pbkdf2)! I'll change flexadmin's password back to SHA as currently the password format of PBKDF2 is not complied with RFC standard. > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15721812#comment-15721812 ] Pierre Smits edited comment on OFBIZ-8537 at 12/5/16 10:00 AM: --- Hi [~wangjunyuan], [~shi.jinghai], I wonder who said that OFBiz trunk could *not* be volatile, and *not* be breaking with the past... I suggest not to change back, but rather remove the flexadmin references everywhere. Preferably in a new JIRA issue. We're talking about demo data was (Author: pfm.smits): Hi [~wangjunyuan], [~shi.jinghai], I wonder who said that OFBiz could *not* be volatile, and *not* be breaking with the past... I suggest not to change back, but rather remove the flexadmin references everywhere. Preferably in a new JIRA issue. We're talking about demo data > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15721812#comment-15721812 ] Pierre Smits commented on OFBIZ-8537: - Hi [~wangjunyuan], [~shi.jinghai], I wonder who said that OFBiz could *not* be volatile, and *not* be breaking with the past... I suggest not to change back, but rather remove the flexadmin references everywhere. Preferably in a new JIRA issue. We're talking about demo data > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8537) LoginWorker HashCrypt the type of hash for one-way encryption
[ https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15721786#comment-15721786 ] Michael Brohl commented on OFBIZ-8537: -- Hi [~wangjunyuan], [~shi.jinghai], thanks for your contributions! I briefly reviewed the patch and think that we should change back the change of the demo data flexadmin password. The encryption configuration is still SHA (as it should be for backwards compatibility) and the demo data should be consistent with the configuration. If you want to provide an example for PBKDF2 I'd suggest to put it in the documentation or as a comment in the demo data. Thanky, Michael > LoginWorker HashCrypt the type of hash for one-way encryption > - > > Key: OFBIZ-8537 > URL: https://issues.apache.org/jira/browse/OFBIZ-8537 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: wangjunyuan >Assignee: Shi Jinghai >Priority: Minor > Labels: HashCrypt, PBKDF2, security.properties > Attachments: HashCrypt.patch > > > PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA > Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically > PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. > It replaces an earlier key derivation function, PBKDF1, which could only > produce derived keys up to 160 bits long.Add this function to ofbiz ,this > PBKDF2 has four types in > Java:'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512' -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-8337) Refactor and simplify the startup sequence in OFBiz
[ https://issues.apache.org/jira/browse/OFBIZ-8337?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15721692#comment-15721692 ] Jacopo Cappellato commented on OFBIZ-8337: -- I have applied and tested your latest patch and I didn't spot any issues with it. Thank you. > Refactor and simplify the startup sequence in OFBiz > --- > > Key: OFBIZ-8337 > URL: https://issues.apache.org/jira/browse/OFBIZ-8337 > Project: OFBiz > Issue Type: Improvement > Components: base, start >Affects Versions: Upcoming Release >Reporter: Taher Alkhateeb >Assignee: Taher Alkhateeb >Priority: Minor > Attachments: OFBIZ-8337-2.patch, OFBIZ-8337-3.patch, > OFBIZ-8337-3.patch, OFBIZ-8337.patch > > > The startup sequence in OFBiz is highly complex and requires improvements on > multiple levels including: > - The entire classpath buildup logic and > org.apache.ofbiz.base.start.Classpath needs to be removed. The original idea > of classpath isolation between the components created many more problems than > it solved, and right now the classpath construction is the responsibility of > the build system. > - The custom classloader needs to be removed as well together with the > classpath mentioned above. > - The StartupLoader interface should remove the start() method and just have > two methods, load and unload. > - The startup sequence should have only one StartupLoader, not an array of > startup loaders. This StartupLoader (implemented as ContainerLoader) is the > only class responsible for bootstrapping OFBiz > - The ContainerLoader needs to be completely refactored, not only to remove > the start() method but also to cleanup the very messy logic currently > residing there. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
