Ok thanks, JIRA logged here: https://issues.apache.org/jira/browse/SYNCOPE-51
Colm. 2012/3/28 Francesco Chicchiriccò <[email protected]>: > On 28/03/2012 17:25, Colm O hEigeartaigh wrote: >> >> Is there any reason why MD5 is used (or even supported) as the >> password cipher algorithm? MD5 is deprecated and is not even allowed >> by many security products. > > > Hi Colm, > not any particular reason: default cipher algorithm (key > 'password.cipher.algorithm') is part of configuration and can be customized > at every deployment. > > Actually, MD5 is part of test configuration (no problems here, I guess) [1] > and production configuration [2], and this can be harmful. We should change > this ASAP to one of other algorithms supported [3]. > > I don't see any particular reason to keep MD5, anyway: anyone else's > thought? > > Regards. > > [1] > https://svn.us.apache.org/repos/asf/incubator/syncope/trunk/core/src/test/resources/content.xml > [2] > https://svn.us.apache.org/repos/asf/incubator/syncope/trunk/core/src/main/resources/content.xml > [3] > https://svn.us.apache.org/repos/asf/incubator/syncope/trunk/client/src/main/java/org/syncope/types/CipherAlgorithm.java > > -- > Francesco Chicchiriccò > > Apache Cocoon PMC and Apache Syncope PPMC Member > http://people.apache.org/~ilgrosso/ > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
