[ https://issues.apache.org/jira/browse/SYNCOPE-100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
fabio martelli resolved SYNCOPE-100.
------------------------------------
Resolution: Fixed
Assignee: fabio martelli
Merged with SYNCOPE-51 and applied.
> Add more password encryption options
> ------------------------------------
>
> Key: SYNCOPE-100
> URL: https://issues.apache.org/jira/browse/SYNCOPE-100
> Project: Syncope
> Issue Type: Improvement
> Reporter: Francesco Chicchiriccò
> Assignee: fabio martelli
> Labels: security
> Fix For: 1.1.0-incubating
>
> Attachments: passwordhash.patch
>
>
> It would be best to add other password mechanisms that include salting and
> stretching of passwords (see links).
> This would mean that an extra attribute has to be added to the user (salt)
> which can be used for that purpose.
> You would be able to keep the old ones for backward compatibility and include
> new ones which are a lot safer. Apparently PBKDF2 is considered a secure
> mechanism.
> Some reading material:
> https://www.owasp.org/index.php/Hashing_Java
> http://jerryorr.blogspot.be/2012/05/secure-password-storage-lots-of-donts.html
> http://throwingfire.com/storing-passwords-securely/
> Jasypt (http://www.jasypt.org/) provides all the things mentioned in the
> articles, such as hashing, salting and iteration out of the box, and is also
> AL 2.0 licensed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
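
The salted, stretched scheme the issue asks for, with old entries still verifiable, sketched in Java as an added example; it is not the attached passwordhash.patch and not Syncope code. The class and record names, the algorithm labels, the iteration count and the choice of unsalted SHA-1 as the legacy scheme are assumptions for illustration (needs Java 17 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration: names and labels below are hypothetical, not Syncope's.
public class PasswordHashDemo {
    static final int ITERATIONS = 600_000;   // assumed work factor; tune to your hardware
    static final int SALT_BYTES = 16, KEY_BITS = 256;

    // What a user entry would carry: algorithm label, the extra salt attribute, the digest.
    record Stored(String algorithm, byte[] salt, int iterations, byte[] hash) {}

    static byte[] pbkdf2(char[] pw, byte[] salt, int iterations) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();   // wipes the spec's internal copy, not the caller's array
        }
    }

    static Stored create(char[] pw) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);   // fresh random salt for every user
        return new Stored("PBKDF2", salt, ITERATIONS, pbkdf2(pw, salt, ITERATIONS));
    }

    // Entries stored under the old scheme still verify, for backward compatibility.
    static boolean verify(char[] pw, Stored s) throws GeneralSecurityException {
        byte[] candidate = switch (s.algorithm()) {
            case "PBKDF2" -> pbkdf2(pw, s.salt(), s.iterations());
            case "SHA1" -> MessageDigest.getInstance("SHA-1")
                    .digest(new String(pw).getBytes(StandardCharsets.UTF_8));
            default -> throw new GeneralSecurityException("unknown algorithm " + s.algorithm());
        };
        return MessageDigest.isEqual(candidate, s.hash());   // constant-time comparison
    }

    public static void main(String[] args) throws GeneralSecurityException {
        char[] pw = "correct horse battery staple".toCharArray();   // constructed sample
        Stored legacy = new Stored("SHA1", null, 0,
                MessageDigest.getInstance("SHA-1").digest(new String(pw).getBytes(StandardCharsets.UTF_8)));
        Stored fresh = create(pw);
        System.out.println("legacy entry verifies: " + verify(pw, legacy));
        System.out.println("PBKDF2 entry verifies: " + verify(pw, fresh));
        System.out.println("wrong password:        " + verify("guess".toCharArray(), fresh));
    }
}
```

Storing the algorithm label and iteration count next to the salt is what lets old and new entries coexist and lets the work factor be raised later without invalidating existing hashes.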