Details
-
Improvement
-
Status: Closed
-
Normal
-
Resolution: Fixed
-
None
-
None
-
Flagged
-
Turing sprint 130
Description
Within [the documentation](http://www.onehippo.org/library/concepts/security/users.html) we describe the password encryption process in the CMS, however by default the CMS is using SHA-1 to encrypt new passwords while existing passwords can be unencrypted using any of the supported listed methods.
It is agreed with PM Stakeholders, that we should change this to SHA-256 for 10.2 and 11 of the CMS so that new passwords will use the later method.
Should any other customers request this also, then we would be willing to backport this change to any supported (non-EOL) CMS version.
Jouke Jacobi do you have anything to add to this issue related to the requirements from Client?
Hippo Client Service Team are you able to pick this up in one of the next couple of upcoming sprints?
Attachments
Issue Links
- is a backport of
-
REPO-1473 Set default password encryption to SHA-256
- Closed