I apologize for jumping into this conversation late, but I am new to the developer mailing list. Why would we choose SHA256+salt over SHA512+salt? SHA512+salt's storage is insignificant when compared to SHA256 and the chances of a birthday attack are significantly reduced. As a security professional I would argue for the best possible hashing algorithm available, especially when there is little to no cost.
Justin On Mar 29, 2013, at 6:00 PM, "Min Chen" <min.c...@citrix.com> wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/10039/#review18548 > ----------------------------------------------------------- > > > > client/tomcatconf/componentContext.xml.in > <https://reviews.apache.org/r/10039/#comment38873> > > This componentContext.xml.in and nonossComponentContext.xml.in should be > put into applicationContext.xml since they are the same for nonoss and oss > versions. > > > - Min Chen > > > On March 28, 2013, 8:26 p.m., Venkata Siva Vijayendra Bhamidipati wrote: >> >> ----------------------------------------------------------- >> This is an automatically generated e-mail. To reply, visit: >> https://reviews.apache.org/r/10039/ >> ----------------------------------------------------------- >> >> (Updated March 28, 2013, 8:26 p.m.) >> >> >> Review request for cloudstack, Hugo Trippaers, Kelven Yang, and Min Chen. >> >> >> Description >> ------- >> >> Changing default password encoding mechanism from MD5 to SHA256Salted. >> >> >> This addresses bug CS-1734. >> >> >> Diffs >> ----- >> >> >> api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.java >> 89673ea >> api/src/org/apache/cloudstack/api/command/admin/user/CreateUserCmd.java >> fb29e1a >> api/src/org/apache/cloudstack/api/command/admin/user/UpdateUserCmd.java >> 1f31662 >> client/tomcatconf/componentContext.xml.in 016df0a >> client/tomcatconf/nonossComponentContext.xml.in 8f8dae5 >> developer/developer-prefill.sql 6300d35 >> >> plugins/user-authenticators/ldap/src/com/cloud/server/auth/LDAPUserAuthenticator.java >> 61eebe5 >> >> plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java >> 026125e >> >> plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java >> 52e7cb3 >> >> plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java >> 1b29f69 >> server/src/com/cloud/server/ManagementServerImpl.java b689f93 >> server/src/com/cloud/user/AccountManagerImpl.java b69f314 >> >> Diff: https://reviews.apache.org/r/10039/diff/ >> >> >> Testing >> ------- >> >> Manual testing done for both oss and nonoss components. Both admin and users >> added later are encoded according to the scheme configured, and >> authenticated by the same scheme. >> >> To change the order of the schemes, modify the following list properties in >> client/tomcatconf/nonossComponentContext.xml.in or >> client/tomcatconf/componentContext.xml.in as applicable, to the desired >> order: >> >> <property name="UserAuthenticators"> >> <list> >> <ref bean="SHA256SaltedUserAuthenticator"/> >> <ref bean="MD5UserAuthenticator"/> >> <ref bean="LDAPUserAuthenticator"/> >> <ref bean="PlainTextUserAuthenticator"/> >> </list> >> </property> >> >> <property name="UserPasswordEncoders"> >> <list> >> <ref bean="SHA256SaltedUserAuthenticator"/> >> <ref bean="MD5UserAuthenticator"/> >> <ref bean="LDAPUserAuthenticator"/> >> <ref bean="PlainTextUserAuthenticator"/> >> </list> >> >> >> Thanks, >> >> Venkata Siva Vijayendra Bhamidipati >
