[jira] [Updated] (JAMES-1532) JPAUser database field too short for SHA-512 password hashes

Mon, 16 Dec 2013 05:39:58 -0800 

     [ 
https://issues.apache.org/jira/browse/JAMES-1532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sebastian Tacke updated JAMES-1532:
-----------------------------------

    Description: 
The configuration supports setting the hash algorithm for user passwords to 
SHA-512. However SHA-512 hashes cannot be stored in the JPA user repository, 
because the field is too short.
http://svn.apache.org/repos/asf/james/server/trunk/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
 sets the field length to 100:
/** Hashed password */
    @Basic
    @Column(name = "PASSWORD", nullable = false, length = 100)
    private String password;

The password hashes are hex encoded before they are stored to the database, so 
SHA-512 hashes take up (512/8)*2 = 128 characters.

  was:
The configuration supports setting the hash algorithm for user passwords to 
SHA-512. However SHA-512 hashes cannot be stored in the JPA user repository, 
because the field is too short.
[JPAUser|http://svn.apache.org/repos/asf/james/server/trunk/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java]
 sets the field length to 100:
{code}/** Hashed password */
    @Basic
    @Column(name = "PASSWORD", nullable = false, length = 100)
    private String password;{code}
The password hashes are hex encoded before they are stored to the database, so 
SHA-512 hashes take up (512/8)*2 = 128 characters.


> JPAUser database field too short for SHA-512 password hashes
> ------------------------------------------------------------
>
>                 Key: JAMES-1532
>                 URL: https://issues.apache.org/jira/browse/JAMES-1532
>             Project: James Server
>          Issue Type: Bug
>          Components: UsersStore & UsersRepository
>    Affects Versions: 3.0-beta4
>            Reporter: Sebastian Tacke
>              Labels: password
>
> The configuration supports setting the hash algorithm for user passwords to 
> SHA-512. However SHA-512 hashes cannot be stored in the JPA user repository, 
> because the field is too short.
> http://svn.apache.org/repos/asf/james/server/trunk/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
>  sets the field length to 100:
> /** Hashed password */
>     @Basic
>     @Column(name = "PASSWORD", nullable = false, length = 100)
>     private String password;
> The password hashes are hex encoded before they are stored to the database, 
> so SHA-512 hashes take up (512/8)*2 = 128 characters.



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to