[jira] [Created] (JAMES-1677) Upgrade the users hashing algorithm type

Ahmet Kaplan (JIRA) Thu, 28 Jan 2016 11:45:07 -0800

Ahmet Kaplan created JAMES-1677:
-----------------------------------

             Summary: Upgrade the users hashing algorithm type
                 Key: JAMES-1677
                 URL: https://issues.apache.org/jira/browse/JAMES-1677
             Project: James Server
          Issue Type: Improvement
            Reporter: Ahmet Kaplan
            Priority: Minor



User data models use different hashing algorithms:
JPA           -> MD5
JDBC        -> SHA
Cassandra -> SHA1
HBase       -> MD5
Memory     -> MD5
JCR           -> MD5

There are lots of hashing discussions such as 
http://stackoverflow.com/questions/20186354/best-practice-of-hashing-passwords/20186472#20186472
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
https://en.wikipedia.org/wiki/SHA-2
http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

I offer SHA-256 for all user data models. 

P.S: Not exactly related but Google Chrome does not allow SHA1 at next year.
http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

[jira] [Created] (JAMES-1677) Upgrade the users hashing algorithm type

Reply via email to