  1. camunda BPM
  2. CAM-6311

User passwords are stored hashed with SHA-1


    • Task
    • Resolution: Won't Fix
    • L3 - Default
    • engine

      Using SHA-1 for cryptographic purposes is not recommended anymore since it is becoming cheaper to find hash collisions (i.e. any two values that produce the same hash). This is not an acute problem, since this is not equivalent to finding a clear text password that produces the same hash for a given hash, or even finding the clear text password for a hash. Yet, it is an indicator for SHA-1 becoming weaker. We could switch to SHA-256, which is considered safer.

      Related documents:

      Or use bcrypt (or any other "slow" hashing function)
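
Added example, not part of the original issue and not Camunda's code: a sketch of the "slow hashing function" option, with legacy unsalted SHA-1 records verified and re-hashed on the next successful login. It uses PBKDF2-HMAC-SHA256 from the Python standard library in place of bcrypt; the record format, function names and iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_sha1(password):
    """Fast, unsalted SHA-1 record of the kind the issue describes."""
    return "sha1$" + hashlib.sha1(password.encode()).hexdigest()


def slow_hash(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Salted, deliberately slow record: scheme$iterations$salt$digest."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password, stored):
    """Check a password against either record format."""
    scheme, _, rest = stored.partition("$")
    try:
        if scheme == "sha1":
            candidate = legacy_sha1(password)
        elif scheme == "pbkdf2-sha256":
            iterations, salt_hex, _ = rest.split("$")
            candidate = slow_hash(password, bytes.fromhex(salt_hex), int(iterations))
        else:
            return False
    except ValueError:  # malformed record: treat as a failed check
        return False
    # constant-time comparison of the full records
    return hmac.compare_digest(candidate.encode(), stored.encode())


def login(password, stored):
    """Return (ok, record_to_store); a legacy record is upgraded on success."""
    if not verify(password, stored):
        return False, stored
    if not stored.startswith("pbkdf2-sha256$"):
        stored = slow_hash(password)  # the clear text is only available here
    return True, stored
```

The scheme prefix is what lets old and new records coexist: a legacy hash can only be replaced at login, because that is the one moment the clear text password is available.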


              Unassigned
              Thorben Lindhauer (thorben.lindhauer)