[ https://ovirt-jira.atlassian.net/browse/OVIRT-768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
eyal edri [Administrator] updated OVIRT-768: -------------------------------------------- Epic Link: OVIRT-403 > Decomission of MD5 Password Hashes for Infra Users > -------------------------------------------------- > > Key: OVIRT-768 > URL: https://ovirt-jira.atlassian.net/browse/OVIRT-768 > Project: oVirt - virtualization made easy > Issue Type: By-EMAIL > Reporter: Anton Marchukov > Assignee: infra > > During the work of moving password parameters from foreman to internal > hiera I noted that there are some users that still have their passwords > hashed by MD5 algorithm. > MD5 has known crypto research that make it no longer suitable for storing > passwords securely: > https://en.wikipedia.org/wiki/MD5#Security (and corresponding links). > While the hashes are stored in internal repo it is still shared and prone > to information leaks. We should ask all users to rehash their passwords > with SHA-512 and when it is done we can remove MD5 exception > in site/ovirt_infra/manifests/user.pp so MD5 hashed passwords are no > longer accepted. > The current list of users left is available in infra-hiera repo. > -- > Anton Marchukov > Senior Software Engineer - RHEV CI - Red Hat -- This message was sent by Atlassian JIRA (v1000.482.6#100017) _______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra