  1. Sakai
  2. SAK-39399

Upgrade password encryption algorithm for internal users

    Details

    • Type: Feature Request
    • Status: RESOLVED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.2
    • Fix Version/s: 12.0
    • Component/s: Kernel
    • Labels:
      None
    • Previous Issue Keys:
      KNL-1504

      Description

      Currently passwords stored in the database are only encrypted with a salted SHA256. Although this is much better than MD5, it's still vulnerable to brute-force attacks. We should switch to something stronger. Options are:

      PBKDF2 - In JVM
      bcrypt - In Spring security and external library

      https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
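
      An added example, not Sakai's code and not part of the ticket: one way to move stored credentials from salted SHA-256 to the JVM's built-in PBKDF2 by tagging each record with its scheme and rehashing legacy records on the next successful login, which goes slightly beyond the ticket's list of options. The record formats, prefixes, class name and iteration count are assumptions.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration, not Sakai code. Record formats, prefixes and iteration count are assumptions.
public class PasswordUpgradeExample {
    static final String LEGACY = "SSHA256:"; // assumed: SSHA256:b64(salt):b64(SHA-256(salt || password))
    static final String PBKDF2 = "PBKDF2:";  // assumed: PBKDF2:iterations:b64(salt):b64(derived key)
    static final int ITERATIONS = 600_000;   // assumed work factor; tune for your hardware

    static byte[] pbkdf2(String pw, byte[] salt, int iters) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt, iters, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    static byte[] saltedSha256(String pw, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        return md.digest(pw.getBytes(StandardCharsets.UTF_8));
    }
    static String hash(String pw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per record
        Base64.Encoder e = Base64.getEncoder();
        return PBKDF2 + ITERATIONS + ":" + e.encodeToString(salt) + ":" + e.encodeToString(pbkdf2(pw, salt, ITERATIONS));
    }
    static boolean verify(String pw, String stored) throws Exception {
        Base64.Decoder d = Base64.getDecoder();
        String[] p = stored.split(":");
        if (stored.startsWith(PBKDF2) && p.length == 4) // iterations come from the record, so the cost can be raised later
            return MessageDigest.isEqual(d.decode(p[3]), pbkdf2(pw, d.decode(p[2]), Integer.parseInt(p[1])));
        if (stored.startsWith(LEGACY) && p.length == 3)
            return MessageDigest.isEqual(d.decode(p[2]), saltedSha256(pw, d.decode(p[1])));
        return false; // unknown or malformed scheme: reject
    }
    // After a successful login, returns the record to persist (rehashed if legacy); null on failure.
    static String verifyAndUpgrade(String pw, String stored) throws Exception {
        if (!verify(pw, stored)) return null;
        return stored.startsWith(PBKDF2) ? stored : hash(pw);
    }
    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8); // constructed sample legacy record
        String legacy = LEGACY + Base64.getEncoder().encodeToString(salt) + ":" + Base64.getEncoder().encodeToString(saltedSha256("correct horse", salt));
        String upgraded = verifyAndUpgrade("correct horse", legacy);
        System.out.println(upgraded.startsWith(PBKDF2) && verify("correct horse", upgraded));
        System.out.println(verifyAndUpgrade("wrong guess", legacy) == null);
    }
}
```

      Records for users who never log in again stay on the legacy scheme under this approach, so a migration plan also needs a cutoff such as a forced reset.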


                People

                • Assignee:
                  buckett Matthew Buckett
                  Reporter:
                  buckett Matthew Buckett
