[ https://issues.apache.org/jira/browse/JAMES-1677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15122219#comment-15122219 ]
Matthieu Baechler commented on JAMES-1677: ------------------------------------------ This contribution would be very welcome. I don't know why it would be related to backend, I think it's orthogonal, don't you think ? > Upgrade the users hashing algorithm type > ---------------------------------------- > > Key: JAMES-1677 > URL: https://issues.apache.org/jira/browse/JAMES-1677 > Project: James Server > Issue Type: Improvement > Reporter: Ahmet Kaplan > Priority: Minor > Labels: security > > User data models use different hashing algorithms: > JPA -> MD5 > JDBC -> SHA > Cassandra -> SHA1 > HBase -> MD5 > Memory -> MD5 > JCR -> MD5 > There are lots of hashing discussions such as > http://stackoverflow.com/questions/20186354/best-practice-of-hashing-passwords/20186472#20186472 > https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet > https://en.wikipedia.org/wiki/SHA-2 > http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf > I offer SHA-256 for all user data models. > P.S: Not exactly related but Google Chrome does not allow SHA1 at next year. > http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org