10:42 a.m.
Hi,
We would like to switch encryption algorigthm for user passwords in GateIn.
https://docs.jboss.org/author/display/GTNPORTAL36/Password+Encryption#Pas...
MD5 is becoming outdated and is considered weak nowadays. We would like
to use SHA-256 with random salts as showed in the doc above.
Major downside is that it will break compatibility with already
populated DB. Users would still be able to change the config back to MD5
as part of migration process. We would mention it in the docs.
Any objections?
10:47 a.m.
Pasted wrong link. We want to use this one by default:
https://docs.jboss.org/author/display/GTNPORTAL36/Password+Encryption#Pas...
On 05/28/2013 10:42 AM, Bolesław Dawidowicz wrote:
Hi,
We would like to switch encryption algorigthm for user passwords in GateIn.
https://docs.jboss.org/author/display/GTNPORTAL36/Password+Encryption#Pas...
MD5 is becoming outdated and is considered weak nowadays. We would like
to use SHA-256 with random salts as showed in the doc above.
Major downside is that it will break compatibility with already
populated DB. Users would still be able to change the config back to MD5
as part of migration process. We would mention it in the docs.
Any objections?
_______________________________________________
gatein-dev mailing list
gatein-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/gatein-dev
11:59 a.m.
looks fine for us.
On May 28, 2013, at 10:47 AM, Bolesław Dawidowicz <bdawidow(a)redhat.com> wrote:
Pasted wrong link. We want to use this one by default:
https://docs.jboss.org/author/display/GTNPORTAL36/Password+Encryption#Pas...
On 05/28/2013 10:42 AM, Bolesław Dawidowicz wrote:
> Hi,
>
> We would like to switch encryption algorigthm for user passwords in GateIn.
>
>
https://docs.jboss.org/author/display/GTNPORTAL36/Password+Encryption#Pas...
>
> MD5 is becoming outdated and is considered weak nowadays. We would like
> to use SHA-256 with random salts as showed in the doc above.
>
> Major downside is that it will break compatibility with already
> populated DB. Users would still be able to change the config back to MD5
> as part of migration process. We would mention it in the docs.
>
> Any objections?
> _______________________________________________
> gatein-dev mailing list
> gatein-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/gatein-dev
>
_______________________________________________
gatein-dev mailing list
gatein-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/gatein-dev
3992
days inactive
3992
days old
2 comments
2 participants
participants (2)
-
Bolesław Dawidowicz -
Julien Viet