OpenOLAT / OO-698

Use a salted hash when storing user login passwords

    Details

      Description

      Currently, passwords are stored using an MD5 one-way hashing algorithm. The password is not stored in clear text; however, using rainbow tables, it is very easy to get a password that matches with the MD5 algorithm.

      Solution:

      • Use a salted hash
      • Use the SHA-512, SHA-256 or SHA-1 hashing algorithm
      • Migrate existing passwords without salt on-the-fly

            People

            Assignee:
            srosse Stéphane Rossé
            Reporter:
            gnaegi Florian Gnägi
            Tester:
            Florian Gnägi

                Time Tracking

                Estimated: 2 days, 7 hours
                Remaining: 0 minutes
                Logged: 1 day, 2 hours
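
The on-the-fly migration from the Solution list above, shown in Python as an added example; it is not part of the ticket and not OpenOLAT's code. The record layout, the function names and the sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ALGO = "sha512"  # the ticket lists SHA-512, SHA-256 or SHA-1


def legacy_md5(password):
    """Unsalted MD5 hex digest, the storage format the ticket replaces."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def salted_hash(password, salt):
    """Hex digest of salt || password using ALGO."""
    return hashlib.new(ALGO, salt + password.encode("utf-8")).hexdigest()


def make_legacy_store():
    """Constructed sample data: two users who share one password."""
    digest = legacy_md5("correct horse")
    return {
        "alice": {"algo": "md5", "salt": "", "hash": digest},
        "bob": {"algo": "md5", "salt": "", "hash": digest},
    }


def login(store, user, password):
    """Verify a login; upgrade a legacy MD5 record once it verifies."""
    rec = store.get(user)
    if rec is None:
        return False
    if rec["algo"] == "md5":
        ok = hmac.compare_digest(legacy_md5(password), rec["hash"])
        if ok:
            # The clear-text password is only available at login time,
            # so this is the one point where the record can be re-hashed.
            salt = os.urandom(16)  # fresh random salt per user
            store[user] = {"algo": ALGO, "salt": salt.hex(),
                           "hash": salted_hash(password, salt)}
        return ok
    salt = bytes.fromhex(rec["salt"])
    return hmac.compare_digest(salted_hash(password, salt), rec["hash"])


if __name__ == "__main__":
    users = make_legacy_store()
    print(login(users, "alice", "correct horse"), users["alice"]["algo"])
```

Accounts that never log in keep their unsalted MD5 record, so the number of remaining `md5` rows is worth tracking after rollout. A single salted SHA round is still fast to brute-force, so an iterated function such as PBKDF2 can be placed behind `salted_hash` without changing the migration flow.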