Difference between revisions of "Password Hash"
From ADempiere
This Wiki is read-only for reference purposes to avoid broken links.
(Created page with '== Status == == Contributors == == Overview == == Purpose == == References == == Design Considerations == ===Assumptions=== ===Dependencies=== ===Constraints=== == Glossary…') |
(→Overview) |
||
Line 2: | Line 2: | ||
== Contributors == | == Contributors == | ||
== Overview == | == Overview == | ||
+ | |||
+ | User passwords should be stored in a non-recoverable form in case the database is compromised: | ||
+ | |||
+ | http://www.h-online.com/security/features/Storing-passwords-in-uncrackable-form-1255576.html | ||
+ | |||
+ | Adaxa has implemented password hashing based on the recommendations in | ||
+ | |||
+ | https://www.owasp.org/index.php/Hashing_Java | ||
+ | |||
+ | using a random salt and hashing with 1000 rounds of the SHA-512 algorithm. | ||
+ | |||
+ | Pushed to contribution_adaxa | ||
+ | |||
+ | http://adempiere.hg.sourceforge.net/hgweb/adempiere/contribution_adaxa/rev/6d9090d8a9f6 | ||
+ | |||
+ | Testing and comments welcomed. | ||
+ | |||
== Purpose == | == Purpose == | ||
== References == | == References == |
Revision as of 23:26, 7 June 2013
Contents
- 1 Status
- 2 Contributors
- 3 Overview
- 4 Purpose
- 5 References
- 6 Design Considerations
- 7 Glossary
- 8 Functional Requirements
- 9 Acceptance criteria
- 10 QA and test cases
- 11 Development infrastructure
- 12 Technical Requirements
- 13 Data Requirements
- 14 Non-Functional Requirements
- 15 Open Discussion Items
- 16 Closed Discussion Items
Status
Contributors
Overview
User passwords should be stored in a non-recoverable form in case the database is compromised:
http://www.h-online.com/security/features/Storing-passwords-in-uncrackable-form-1255576.html
Adaxa has implemented password hashing based on the recommendations in
https://www.owasp.org/index.php/Hashing_Java
using a random salt and hashing with 1000 rounds of the SHA-512 algorithm.
Pushed to contribution_adaxa
http://adempiere.hg.sourceforge.net/hgweb/adempiere/contribution_adaxa/rev/6d9090d8a9f6
Testing and comments welcomed.