[jboss-jira] [JBoss JIRA] (JBAS-9541) Use a secure hashing algorithm in examples in the JBoss AS 6.0 Security Guide
David Jorm (JIRA)
jira-events at lists.jboss.org
Mon May 27 23:00:06 EDT 2013
David Jorm created JBAS-9541:
--------------------------------
Summary: Use a secure hashing algorithm in examples in the JBoss AS 6.0 Security Guide
Key: JBAS-9541
URL: https://issues.jboss.org/browse/JBAS-9541
Project: Application Server 3 4 5 and 6
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Documentation
Affects Versions: 6.0.0.Final
Reporter: David Jorm
The JBoss AS 6.0 Security Guide includes an example of password hashing:
http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html_single/#Using_JBoss_Login_Modules-Password_Hashing
Which uses unsalted MD5. This is an insecure hashing algorithm, vulnerable to known flaws. Please replace the example with a secure hashing algorithm, e.g. salted SHA-256.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
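
The difference the report points at, as an added example (not taken from the Security Guide, the reporter or the JBoss code base): unsalted MD5 gives every user with the same password the same stored value, while a per-user random salt with SHA-256 does not. The class name, method names and the `salt:hash` record format are assumptions made for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; class, methods and record format are hypothetical, not JBoss API.
public class SaltedHashExample {

    // Unsalted MD5: the same password always yields the same stored value.
    static String unsaltedMd5(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        return Base64.getEncoder().encodeToString(
                md.digest(password.getBytes(StandardCharsets.UTF_8)));
    }

    // Salted SHA-256: digest computed over salt || password.
    static byte[] saltedSha256(byte[] salt, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Build a stored record "base64(salt):base64(hash)" using a fresh 16-byte random salt.
    static String store(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + ":" + enc.encodeToString(saltedSha256(salt, password));
    }

    // Recompute with the stored salt; MessageDigest.isEqual compares in constant time.
    static boolean verify(String record, String candidate) throws NoSuchAlgorithmException {
        String[] parts = record.split(":", 2);
        if (parts.length != 2) return false;
        Base64.Decoder dec = Base64.getDecoder();
        byte[] salt = dec.decode(parts[0]);
        byte[] expected = dec.decode(parts[1]);
        return MessageDigest.isEqual(expected, saltedSha256(salt, candidate));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String pw = "constructed-sample-password"; // constructed sample value
        System.out.println("MD5 identical across users: " + unsaltedMd5(pw).equals(unsaltedMd5(pw)));
        String a = store(pw), b = store(pw);
        System.out.println("Salted records differ:      " + !a.equals(b));
        System.out.println("Correct password verifies:  " + verify(a, pw));
        System.out.println("Wrong password rejected:    " + !verify(a, "other"));
    }
}
```

A single SHA-256 round is fast to compute; the JDK's `PBKDF2WithHmacSHA256` (via `SecretKeyFactory`) takes the same salt plus an iteration count.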