Ahmet Kaplan created JAMES-1677: ----------------------------------- Summary: Upgrade the users hashing algorithm type Key: JAMES-1677 URL: https://issues.apache.org/jira/browse/JAMES-1677 Project: James Server Issue Type: Improvement Reporter: Ahmet Kaplan Priority: Minor
User data models use different hashing algorithms: JPA -> MD5 JDBC -> SHA Cassandra -> SHA1 HBase -> MD5 Memory -> MD5 JCR -> MD5 There are lots of hashing discussions such as http://stackoverflow.com/questions/20186354/best-practice-of-hashing-passwords/20186472#20186472 https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet https://en.wikipedia.org/wiki/SHA-2 http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf I offer SHA-256 for all user data models. P.S: Not exactly related but Google Chrome does not allow SHA1 at next year. http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org