Uploaded image for project: 'Hippo Repository'
  1. Hippo Repository
  2. REPO-1481

[backport-3.2] Set default password encryption to SHA-256

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.2.3
    • Similar issues:
    • Flagged:
      Flagged
    • Processed by team:
      Turing
    • Sprint:
      Turing sprint 130

      Description

      Within [the documentation](http://www.onehippo.org/library/concepts/security/users.html) we describe the password encryption process in the CMS, however by default the CMS is using SHA-1 to encrypt new passwords while existing passwords can be unencrypted using any of the supported listed methods.
      It is agreed with PM Stakeholders, that we should change this to SHA-256 for 10.2 and 11 of the CMS so that new passwords will use the later method.
      Should any other customers request this also, then we would be willing to backport this change to any supported (non-EOL) CMS version.
      Jouke Jacobi do you have anything to add to this issue related to the requirements from Client?
      Hippo Client Service Team are you able to pick this up in one of the next couple of upcoming sprints?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                abanck Arent-Jan Banck
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: