Uploaded image for project: '[Read Only] - Hippo Repository'
  1. [Read Only] - Hippo Repository
  2. REPO-1473

Set default password encryption to SHA-256

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0.0
    • Component/s: None
    • Similar issues:
    • Flagged:
      Flagged
    • Sprint:
      Turing sprint 130

      Description

      Within [the documentation](http://www.onehippo.org/library/concepts/security/users.html) we describe the password encryption process in the CMS, however by default the CMS is using SHA-1 to encrypt new passwords while existing passwords can be unencrypted using any of the supported listed methods.
      It is agreed with PM Stakeholders, that we should change this to SHA-256 for 10.2 and 11 of the CMS so that new passwords will use the later method.
      Should any other customers request this also, then we would be willing to backport this change to any supported (non-EOL) CMS version.
      Jouke Jacobi do you have anything to add to this issue related to the requirements from Client?
      Hippo Client Service Team are you able to pick this up in one of the next couple of upcoming sprints?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                mmilicevic Marijan Milicevic
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: