
Upgrade password encryption algorithm for internal users

    Details

    • Type: Feature Request
    • Status: RESOLVED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.2
    • Fix Version/s: 12.0
    • Component/s: Kernel
    • Labels:
      None
    • Previous Issue Keys:
      KNL-1504

      Description

      Currently, passwords stored in the database are only hashed with a salted SHA-256. Although this is much better than MD5, it is still vulnerable to brute-force attacks. We should switch to something stronger. Options are:

      PBKDF2 - In JVM
      bcrypt - In Spring security and external library

      https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet

      People

      • Assignee: Matthew Buckett (buckett)
      • Reporter: Matthew Buckett (buckett)
      • Votes: 0
      • Watchers: 1
