[ https://jira.duraspace.org/browse/DS-861?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mark H. Wood updated DS-861:
----------------------------

    Status: Open  (was: Received)

> Salt PasswordAuthentication
> ---------------------------
>
>                 Key: DS-861
>                 URL: https://jira.duraspace.org/browse/DS-861
>             Project: DSpace
>          Issue Type: Improvement
>          Components: DSpace API
>    Affects Versions: 1.7.0
>            Reporter: Alex Lemann
>
> DSpace does not store and use salted hash passwords for local database based 
> authentication (PasswordAuthentication). This constitutes a security risk in 
> that given a database dump an attacker can more easily crack passwords using 
> a rainbow table.  For more information see the Wikipedia article on salting 
> password hashes:
> http://en.wikipedia.org/wiki/Salt_(cryptography)
>
> Possible Tasks:
> - Create new configuration parameter for the salt value
> - Automatically generate a securely random hash for new projects
> - Document new configuration option & install information
> - Store salted hashes in passwords in DB
> - Use salt for authentication

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://jira.duraspace.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
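
Added example (not part of the JIRA message and not DSpace code): a Java illustration of the "store salted hashes" and "use salt for authentication" tasks, next to an unsalted digest for comparison. It assumes a random salt per account stored beside the hash rather than one configured value, and PBKDF2 as the salted hash; the class name, method names and parameters are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration, not DSpace code. Class and method names are hypothetical.
public class SaltedPasswordDemo {
    static final int SALT_BYTES = 16, ITERATIONS = 100_000, KEY_BITS = 256; // assumed parameters

    // Unsalted digest: the same password always yields the same stored value,
    // so one precomputed table applies to every row of a database dump.
    static byte[] unsalted(String password) throws Exception {
        return MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Fresh random salt per account; it is stored next to the hash, not kept secret.
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Salted hash via PBKDF2 (algorithm chosen for this example).
    static byte[] salted(String password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Authentication: recompute with the stored salt, compare in constant time.
    static boolean verify(String attempt, byte[] salt, byte[] stored) throws Exception {
        return MessageDigest.isEqual(salted(attempt, salt), stored);
    }

    public static void main(String[] args) throws Exception {
        String pw = "correct horse"; // constructed sample password
        System.out.println("unsalted equal: " + Arrays.equals(unsalted(pw), unsalted(pw)));
        byte[] saltA = newSalt(), saltB = newSalt();
        byte[] hashA = salted(pw, saltA), hashB = salted(pw, saltB);
        System.out.println("salted equal:   " + Arrays.equals(hashA, hashB));
        System.out.println("verify ok:      " + verify(pw, saltA, hashA));
        System.out.println("verify wrong:   " + verify("wrong", saltA, hashA));
    }
}
```

Two accounts that share a password get different stored values once each has its own salt, which is what makes a precomputed table useless against the dump.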

        
