User passwords are stored hashed with SHA-1

    • Type: Task
    • Resolution: Won't Fix
    • Priority: L3 - Default
    • None
    • Affects Version/s: None
    • Component/s: engine
    • None

      Using SHA-1 for cryptographic purposes is not recommended anymore since it is becoming cheaper to find hash collisions (i.e. any two values that produce the same hash). This is not an acute problem, since this is not equivalent to finding a clear text password that produces the same hash for a given hash, or even finding the clear text password for a hash. Yet, it is an indicator of SHA-1 becoming weaker. We could switch to SHA-256, which is considered safer.

      Related documents:

      Or use bcrypt (or any other "slow" hashing function)
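
      Moving from SHA-1 to a "slow" function, as discussed above, does not require a password reset: a stored legacy hash can be verified once at login and then re-stored with the slow function. The following is an added example, not code from the issue or the project; the storage formats, the function names, and the use of PBKDF2-HMAC-SHA256 (a slow function available in the Python standard library, standing in for bcrypt) are assumptions.

```python
import hashlib
import hmac
import os

# Assumed storage formats (constructed for this example, not the project's):
#   legacy:  "sha1$<hex digest>"
#   current: "pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>"
DEFAULT_ITERATIONS = 600_000


def hash_legacy_sha1(password: str) -> str:
    """Single SHA-1 pass: one cheap operation per password guess."""
    return "sha1$" + hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_slow(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256: every guess costs `iterations` HMAC rounds."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    """Check a password against either format; malformed records never match."""
    scheme, _, rest = stored.partition("$")
    pw = password.encode("utf-8")
    if scheme == "sha1":
        candidate = hashlib.sha1(pw).hexdigest()
        return hmac.compare_digest(candidate.encode(), rest.encode())
    if scheme != "pbkdf2_sha256":
        return False
    try:
        iters, salt_hex, dk_hex = rest.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", pw, bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:
        return False


def login(password: str, stored: str, iterations: int = DEFAULT_ITERATIONS):
    """Return (ok, new_record); new_record is set when the hash should be rewritten."""
    if not verify(password, stored):
        return False, None
    scheme, _, rest = stored.partition("$")
    needs_upgrade = scheme == "sha1" or int(rest.split("$")[0]) < iterations
    new_record = hash_slow(password, iterations) if needs_upgrade else None
    return True, new_record
```

      Accounts that never log in keep their SHA-1 record under this scheme, so a deployment would still need a policy for those dormant records.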

              Assignee: Unassigned
              Reporter: Thorben Lindhauer
              Votes: 0
              Watchers: 4