[
https://issues.apache.org/jira/browse/JAMES-1677?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tellier Benoit updated JAMES-1677:
----------------------------------
Labels: newbie security (was: security)
> Upgrade the users hashing algorithm type
> ----------------------------------------
>
> Key: JAMES-1677
> URL: https://issues.apache.org/jira/browse/JAMES-1677
> Project: James Server
> Issue Type: Improvement
> Reporter: Ahmet Kaplan
> Priority: Minor
> Labels: newbie, security
>
> User data models use different hashing algorithms:
> JPA -> MD5
> JDBC -> SHA
> Cassandra -> SHA1
> HBase -> MD5
> Memory -> MD5
> JCR -> MD5
> There are lots of hashing discussions such as
> http://stackoverflow.com/questions/20186354/best-practice-of-hashing-passwords/20186472#20186472
> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
> https://en.wikipedia.org/wiki/SHA-2
> http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
> I offer SHA-256 for all user data models.
> P.S: Not exactly related but Google Chrome does not allow SHA1 at next year.
> http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
