Re: AW: AW: WG: SHA / SHA1 seed data and password encryption

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: AW: AW: WG: SHA / SHA1 seed data and password encryption

Jacques Le Roux
Administrator
BTW there are already Jira issues open about all that https://issues.apache.org/jira/browse/OFBIZ-1525
Precisely about this issue https://issues.apache.org/jira/browse/OFBIZ-1151

This discussion should be better in dev ML...

Thanks

Jacques

From: "David E Jones" <[hidden email]>

>
> On Apr 30, 2008, at 2:25 AM, Sebastian Schirmer wrote:
>> Hi David,
>>
>> thanks for the new hash implementation. We are going to implement an  auto conversion method additionally.
>> This should write the new correct sha/md5 hash after login  validation with the old (funny) hash.
>>
>> Is the keystore entity also affected to the new hash methods?
>
> No, the keystore is only used for 2-way encryption.
>
> BTW, on a side note, there is still no "salting" in this password  encryption, not sure if that is something you guys have looked
> at or  need but it is something that crossed my mind while looking at this  again.
>
> -David
>
>
>> --On Dienstag, 29. April 2008 09:09 -0600 David E Jones <[hidden email]
>> > wrote:
>>
>>>
>>> Attached is the patch for the stuff I was working on last night.
>>>
>>> Unfortunately it doesn't just have the password improvements, but  instead
>>> also has the generic audit log feature that I recently added to the
>>> entity engine.
>>>
>>> As has been mentioned a few times the ASF SVN repo is not open for
>>> commits, so those who want this or to get started with it can play  with
>>> the attached patch (in a gzip file, BTW) until the SVN server is  ready
>>> for commits again.
>>>
>>> BTW, if the attachment doesn't make it through I'll try again in a  minute.
>>>
>>> -David
>>>
>>
>>
>>
>> --
>> Sebastian Schirmer
>>
>> ZYRES digital media systems GmbH
>> Eschersheimer Landstr. 5-7 60322 Frankfurt am Main
>> Phone +49 (0)69 98 55 99 - 0
>> Fax   +49 (0)69 98 55 99 - 11
>>
>> Firmensitz: Eschersheimer Landstr. 5-7 60322 Frankfurt am Main
>> Registergericht: Amtsgericht Frankfurt am Main, HRB 76374
>> Geschäftsführer: Martin Wepper, Sebastian Schirmer
>>
>> http://www.zyres.com/
>>
>> -- RFC|1855|2.1.1
>>
>>
>
>