OpenOLAT / OO-698

Use a salted hash when storing user login passwords

    Details

      Description

      Currently, passwords are stored using the MD5 one-way hashing algorithm. The password is not stored in clear text; however, using rainbow tables it is very easy to get a password that matches with the MD5 algorithm.

      Solution:

      • Use a salted hash
      • Use SHA-512, SHA-256 or SHA-1 hashing algorithm
      • Migrate existing passwords without salt on-the-fly
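The three points above combine into one login path. The sketch below is an added example, not OpenOLAT code: an unsalted MD5 record is verified once and replaced with a salted SHA-512 record at the moment the clear-text password is available. The record layout (`algo`, `salt`, `hash`), the function names and the sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed record layout for this example: {"algo", "salt" (hex), "hash" (hex)}.
# Legacy rows carry algo "md5" and an empty salt, matching the ticket's starting point.

def legacy_md5(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def salted_sha512(password: str, salt: bytes) -> str:
    return hashlib.sha512(salt + password.encode("utf-8")).hexdigest()

def new_record(password: str) -> dict:
    # A fresh random salt per user makes one precomputed table useless for all rows
    salt = secrets.token_bytes(16)
    return {"algo": "sha512", "salt": salt.hex(), "hash": salted_sha512(password, salt)}

def login(store: dict, user: str, password: str) -> bool:
    rec = store.get(user)
    if rec is None:
        return False
    if rec["algo"] == "md5":
        ok = hmac.compare_digest(legacy_md5(password), rec["hash"])
        if ok:
            # On-the-fly migration: the clear text is only known during a
            # successful login, so the legacy hash is replaced right here.
            store[user] = new_record(password)
        return ok
    if rec["algo"] == "sha512":
        expected = salted_sha512(password, bytes.fromhex(rec["salt"]))
        return hmac.compare_digest(expected, rec["hash"])
    return False  # unknown algorithm marker: reject instead of guessing

def demo_store() -> dict:
    # Constructed sample data: two users who happen to share a password
    return {
        "alice": {"algo": "md5", "salt": "", "hash": legacy_md5("correct horse")},
        "bob": {"algo": "md5", "salt": "", "hash": legacy_md5("correct horse")},
    }

if __name__ == "__main__":
    store = demo_store()
    print("same legacy hash:", store["alice"]["hash"] == store["bob"]["hash"])
    print("alice login:", login(store, "alice", "correct horse"))
    print("alice now stored as:", store["alice"]["algo"])
```

A single round of salted SHA-512 is used because that is what the ticket proposes; it defeats precomputed rainbow tables, but a deliberately slow function such as PBKDF2 (`hashlib.pbkdf2_hmac`) is the usual choice against offline guessing. Accounts that never log in again keep their MD5 record, so the count of remaining `md5` rows is worth monitoring.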

            People

            • Assignee:
              srosse Stéphane Rossé
              Reporter:
              gnaegi Florian Gnägi
              Tester:
              Florian Gnägi

                Time Tracking

                Estimated: 2 days, 7 hours
                Remaining: 0 minutes
                Logged: 1 day, 2 hours