Jacques Le Roux created OFBIZ-9150:
--------------------------------------
Summary: Create a tool to hashes all our OOTB passwords using PBKDF2_SHA512
Key: OFBIZ-9150
URL:
https://issues.apache.org/jira/browse/OFBIZ-9150 Project: OFBiz
Issue Type: Sub-task
Components: framework
Reporter: Jacques Le Roux
Priority: Minor
Currently we use SHA1 for our OOTB passwords hashes and they are not salted. If you create new passwords they will still use SHA1 but they will be salted, which is good.
But we should better provide SHA-512 OOTB hashes instead of SHA-1. And use SHA-512 as default encrypting method (even for fields), with at least 10 000 iterations, to lead our users to the best solution.
We should also provide a simple and easy documentation about that. So far we have this discussion
http://markmail.org/message/yqybsqzigrqbyxgfI suggest to improve/enhance
https://cwiki.apache.org/confluence/display/OFBIZ/How+to+secure+your+deployment--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Locked
