[jira] [Commented] (JAMES-1677) Upgrade the users hashing algorithm type

Matthieu Baechler (JIRA) Thu, 28 Jan 2016 11:56:05 -0800

    [ 
https://issues.apache.org/jira/browse/JAMES-1677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15122219#comment-15122219
 ]


Matthieu Baechler commented on JAMES-1677:
------------------------------------------

This contribution would be very welcome. I don't know why it would be related 
to backend, I think it's orthogonal, don't you think ?

> Upgrade the users hashing algorithm type
> ----------------------------------------
>
>                 Key: JAMES-1677
>                 URL: https://issues.apache.org/jira/browse/JAMES-1677
>             Project: James Server
>          Issue Type: Improvement
>            Reporter: Ahmet Kaplan
>            Priority: Minor
>              Labels: security
>
> User data models use different hashing algorithms:
> JPA           -> MD5
> JDBC        -> SHA
> Cassandra -> SHA1
> HBase       -> MD5
> Memory     -> MD5
> JCR           -> MD5
> There are lots of hashing discussions such as 
> http://stackoverflow.com/questions/20186354/best-practice-of-hashing-passwords/20186472#20186472
> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
> https://en.wikipedia.org/wiki/SHA-2
> http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
> I offer SHA-256 for all user data models. 
> P.S: Not exactly related but Google Chrome does not allow SHA1 at next year.
> http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

[jira] [Commented] (JAMES-1677) Upgrade the users hashing algorithm type

Reply via email to