[
https://ovirt-jira.atlassian.net/browse/OVIRT-768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Anton Marchukov updated OVIRT-768:
----------------------------------
Resolution: Won't Fix
Status: Done (was: To Do)
> Decomission of MD5 Password Hashes for Infra Users
> --------------------------------------------------
>
> Key: OVIRT-768
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-768
> Project: oVirt - virtualization made easy
> Issue Type: Improvement
> Reporter: Anton Marchukov
> Assignee: infra
>
> During the work of moving password parameters from foreman to internal
> hiera I noted that there are some users that still have their passwords
> hashed by MD5 algorithm.
> MD5 has known crypto research that make it no longer suitable for storing
> passwords securely:
> https://en.wikipedia.org/wiki/MD5#Security (and corresponding links).
> While the hashes are stored in internal repo it is still shared and prone
> to information leaks. We should ask all users to rehash their passwords
> with SHA-512 and when it is done we can remove MD5 exception
> in site/ovirt_infra/manifests/user.pp so MD5 hashed passwords are no
> longer accepted.
> The current list of users left is available in infra-hiera repo.
> --
> Anton Marchukov
> Senior Software Engineer - RHEV CI - Red Hat
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100098)
_______________________________________________
Infra mailing list -- infra@ovirt.org
To unsubscribe send an email to infra-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/infra@ovirt.org/message/UPWLUBQVZER6JEAB4RAWXHGC7YUJFX6G/
