Salt PasswordAuthentication
---------------------------

                 Key: DS-861
                 URL: https://jira.duraspace.org/browse/DS-861
             Project: DSpace
          Issue Type: Improvement
          Components: DSpace API
    Affects Versions: 1.7.0
            Reporter: Alex Lemann

DSpace does not store and use salted hash passwords for local database based authentication (PasswordAuthentication). This constitutes a security risk in that given a database dump an attacker can more easily crack passwords using a rainbow table.

For more information see the Wikipedia article on salting password hashes: http://en.wikipedia.org/wiki/Salt_(cryptography)

Possible Tasks:
- Create new configuration parameter for the salt value
- Automatically generate a securely random hash for new projects
- Document new configuration option & install information
- Store salted hashes in passwords in DB
- Use salt for authentication

_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel
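
A sketch of the storage change the issue asks for, added here as an illustration; it is not DSpace code and not part of the original report. It contrasts an unsalted digest with a salted hash that is stored and verified per account. Assumptions: the class and method names are hypothetical, SHA-256 stands in for whatever unsalted digest is in use (the report does not name it), the salt is generated per account and stored beside the hash rather than read from one configuration value, and PBKDF2-HMAC-SHA256 with an assumed iteration count replaces a single salted digest.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltedPasswordDemo { // hypothetical class, not a DSpace type
    private static final SecureRandom RNG = new SecureRandom();
    private static final int ITERATIONS = 210_000; // assumed work factor, tune per deployment

    // Unsalted: equal passwords give equal stored values, so one precomputed table covers every row.
    static String unsalted(String password) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    // Salted: a fresh random salt per account, stored with the hash as "iterations:salt:hash".
    static String hash(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        return ITERATIONS + ":" + b64(salt) + ":" + b64(pbkdf2(password, salt, ITERATIONS));
    }

    // Authentication: recompute with the stored salt and iteration count, compare in constant time.
    static boolean verify(char[] password, String stored) throws GeneralSecurityException {
        String[] p = stored.split(":");
        if (p.length != 3) return false;
        byte[] salt = Base64.getDecoder().decode(p[1]);
        byte[] expected = Base64.getDecoder().decode(p[2]);
        return MessageDigest.isEqual(expected, pbkdf2(password, salt, Integer.parseInt(p[0])));
    }

    private static byte[] pbkdf2(char[] pw, byte[] salt, int iter) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }
    private static String b64(byte[] b) { return Base64.getEncoder().encodeToString(b); }

    public static void main(String[] args) throws GeneralSecurityException {
        String pw = "correct horse"; // constructed sample password
        String a = hash(pw.toCharArray()), b = hash(pw.toCharArray());
        System.out.printf("unsalted rows equal: %b, salted rows equal: %b, good login: %b, bad login: %b%n",
                unsalted(pw).equals(unsalted(pw)), a.equals(b),
                verify(pw.toCharArray(), a), verify("wrong".toCharArray(), a));
    }
}
```

Storing the iteration count and salt in the same field lets existing rows keep verifying after the work factor is raised, and gives a place to flag legacy unsalted rows for rehash on the next successful login.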