> >>
> >> Martin,
> >>
> >> I agree that is odd, and not a good thing, and I'm really not sure why
> >> it is there or how it got there in the first place.
> >>
> >> It sounds like the proposal is to remove HashCrypt.java lines 52-5
ed. This does seem to be the
> case in StringUtil.encodeInt().
>
> We also talked about a "pluggable security system" to easily replace
> that OFBiz-specific chunk.
> Not sure if this is done yet.
>
> Jonathon
>
> Martin Wepper wrote:
Conclusion: the hashes in customer dbs are not really compatible with other
sha1 implementations today, bad for SSO.
Is there any impact on vulnerability of stored hashes created by ofbiz?
Martin
--
Martin Wepper
ZYRES digital media systems GmbH
Eschersheimer Landstr. 5-7 60322 Frankfurt