Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-6311

User passwords are stored hashed with SHA-1

    XMLWordPrintable

Details

    • Task
    • Resolution: Won't Fix
    • L3 - Default
    • None
    • None
    • engine
    • None

    Description

      Using SHA-1 for cryptographic purposes is not recommended anymore since it is becoming cheaper to find hash collisions (i.e. any two values that produce the same hash). This is not an acute problem, since this is not equivalent to finding a clear text password that produces the same hash for a given hash, or even finding the clear text password for a hash. Yet, it is an indicator for SHA-1 becoming weaker. We could switch to SHA-256 which is considered more safe.

      Related documents:

      Or use bcrypt (or any other "slow" hashing function)

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            duplicates

            Task - A task that needs to be done. CAM-6310 Use Stronger Hashing for Passwords

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed
            is related to

            Task - A task that needs to be done. CAM-7300 Process Engine should use strongest hashing algorithm available in JDK for passwords

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Activity

              People

                Unassigned Unassigned
                thorben.lindhauer Thorben Lindhauer
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Salesforce