[
http://mifosforge.jira.com/browse/MIFOS-4342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=67166#comment-67166
]
Mifos Hudson Jira Plugin User commented on MIFOS-4342:
------------------------------------------------------
Integrated in !http://ci.mifos.org/hudson/images/16x16/yellow.png!
[head-master-secondary
#360|http://ci.mifos.org/hudson/job/head-master-secondary/360/]
[MIFOS-4342] fix integration tests
Łukasz Domżalski :
Files :
*
application/src/test/java/org/mifos/customers/client/struts/action/ClientTransferActionStrutsTest.java
> Migrate to stronger password storage mechanism, resistant to modern cracking
> techniques
> ---------------------------------------------------------------------------------------
>
> Key: MIFOS-4342
> URL: http://mifosforge.jira.com/browse/MIFOS-4342
> Project: mifos
> Issue Type: Improvement
> Components: Authentication
> Affects Versions: Release E - Iteration 11
> Reporter: Adam Feuer
> Assignee: Łukasz Domżalski
> Priority: Major
> Labels: authentication, security
> Fix For: Release G
>
>
> Mifos stores passwords using the "salted(random) MD5 hash" storage, which is
> easy to break from computational point of view.
> The solution is to use a modern cryptography function specifically designed
> for passwords, such as OpenBSD's Blowfish password hashing.
> http://www.openbsd.org/papers/bcrypt-paper.ps
> OpenBSD's Blowfish password hashing has an adjustable "hardness" factor to
> enable the hardness of the cryptography to keep up with increasing computing
> power, making it considerably more difficult to crack a database of leaked
> passwords.
> For more information see:
> Java OpenBSD's Blowfish password hashing library, BSD license
> http://www.mindrot.org/projects/jBCrypt/
> Background info:
> http://paulbuchheit.blogspot.com/2007/09/quick-read-this-if-you-ever-store.html
> http://codahale.com/how-to-safely-store-a-password/#
> On the recent Gawker security breach, which involved the release of 1.3M
> accounts and passwords:
> http://www.duosecurity.com/blog/entry/brief_analysis_of_the_gawker_password_dump
> http://www.pcworld.com/businesscenter/article/213392/gawker_media_hacked_warns_users_to_change_passwords.html
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues
