[CMS-9995] Set default password encryption to SHA-256 - Issues

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: High
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- client-service-team

Description

Within [the documentation](http://www.onehippo.org/library/concepts/security/users.html) we describe the password encryption process in the CMS, however by default the CMS is using SHA-1 to encrypt new passwords while existing passwords can be unencrypted using any of the supported listed methods.

It is agreed with PM Stakeholders, that we should change this to SHA-256 for 10.2 and 11 of the CMS so that new passwords will use the later method.

Should any other customers request this also, then we would be willing to backport this change to any supported (non-EOL) CMS version.

jjacobi do you have anything to add to this issue related to the requirements from Client?

clientserviceteam are you able to pick this up in one of the next couple of upcoming sprints?

Attachments

Issue Links

duplicates

REPO-1473 Set default password encryption to SHA-256

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Adrian Collier (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 24/Mar/16 1:01 PM

Updated:: 29/Apr/16 4:22 PM

Resolved:: 29/Apr/16 4:22 PM