NF12 Improve Password Hashing


Feature: Improve Password Hashing

Goal: Security

Developer: Carlos Ruiz, Heng Sin

Description:

Currently password hashing uses SHA-512, and the salt is 64 bytes generated with the SHA1PRNG random number generator.

This ticket makes the following changes to improve the security of password hashing in iDempiere:

  • Generate the salt with the DRBG algorithm at 256-bit strength.
  • Add support for the PBKDF2 and Argon2 hashing algorithms.


Changes:

1. Added the USER_PASSWORD_HASH_ALGORITHM System Configurator entry. Supported values are SHA-512, PBKDF2 and Argon2.

2. Added a Password Hash Algorithm parameter to the Convert passwords to hashes process.

Migration of existing SHA-512 hashes:

  • Change the USER_PASSWORD_HASH_ALGORITHM System Configurator entry to PBKDF2 or Argon2 and reset the cache.
  • Each user's password is rehashed with the newly configured algorithm the next time that user logs in.
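The following Java class is an added illustration of the two ideas on this page (salt from a DRBG at 256-bit strength feeding PBKDF2, and rehash-on-login migration away from SHA-512); it is not iDempiere's own code. It uses only JDK classes, so Argon2 is left out (the JDK has no built-in Argon2 and the page does not name the library iDempiere uses). The `configuredAlgorithm` field stands in for the USER_PASSWORD_HASH_ALGORITHM entry, the iteration count, the stored record layout and the legacy "salt then password" SHA-512 input are assumptions, and `login` returns the credential record the caller should store back.

```java
import java.nio.charset.StandardCharsets;
import java.security.DrbgParameters;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHashDemo {

    // Stands in for the USER_PASSWORD_HASH_ALGORITHM System Configurator value ("SHA-512" or "PBKDF2" here).
    static String configuredAlgorithm = "PBKDF2";

    // Hypothetical tuning values; not taken from iDempiere.
    static final int PBKDF2_ITERATIONS = 210_000;
    static final int PBKDF2_KEY_BITS = 512;

    // Assumed stored credential: algorithm tag plus Base64 salt and hash, so old and new records coexist.
    record StoredHash(String algorithm, String salt, String hash) {}

    // Salt from a DRBG instantiated at 256-bit security strength, as the ticket describes.
    static byte[] newSalt() throws NoSuchAlgorithmException {
        SecureRandom drbg = SecureRandom.getInstance("DRBG",
            DrbgParameters.instantiation(256, DrbgParameters.Capability.PR_AND_RESEED, null));
        byte[] salt = new byte[32];
        drbg.nextBytes(salt);
        return salt;
    }

    static byte[] digest(String algorithm, char[] password, byte[] salt) throws Exception {
        switch (algorithm) {
            case "PBKDF2": {
                PBEKeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITERATIONS, PBKDF2_KEY_BITS);
                try {
                    return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512")
                        .generateSecret(spec).getEncoded();
                } finally {
                    spec.clearPassword();
                }
            }
            case "SHA-512": {
                // Assumed legacy layout: one SHA-512 pass over salt followed by the UTF-8 password.
                MessageDigest md = MessageDigest.getInstance("SHA-512");
                md.update(salt);
                md.update(new String(password).getBytes(StandardCharsets.UTF_8));
                return md.digest();
            }
            default:
                throw new IllegalArgumentException("unsupported algorithm: " + algorithm);
        }
    }

    // Hash a password with the currently configured algorithm and a fresh DRBG salt.
    static StoredHash hash(char[] password) throws Exception {
        byte[] salt = newSalt();
        byte[] h = digest(configuredAlgorithm, password, salt);
        Base64.Encoder enc = Base64.getEncoder();
        return new StoredHash(configuredAlgorithm, enc.encodeToString(salt), enc.encodeToString(h));
    }

    // Verify against the algorithm the record was stored with; on success, return the record to keep:
    // the same one if it already uses the configured algorithm, otherwise a rehashed one. Null on failure.
    static StoredHash login(StoredHash stored, char[] password) throws Exception {
        Base64.Decoder dec = Base64.getDecoder();
        byte[] expected = dec.decode(stored.hash());
        byte[] actual = digest(stored.algorithm(), password, dec.decode(stored.salt()));
        if (!MessageDigest.isEqual(expected, actual)) {   // constant-time comparison
            return null;
        }
        return stored.algorithm().equals(configuredAlgorithm) ? stored : hash(password);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse battery staple".toCharArray();   // constructed sample password
        configuredAlgorithm = "SHA-512";
        StoredHash legacy = hash(pw);            // record created before the configurator change
        configuredAlgorithm = "PBKDF2";          // operator switches USER_PASSWORD_HASH_ALGORITHM
        StoredHash after = login(legacy, pw);    // successful login triggers the rehash
        System.out.println(legacy.algorithm() + " -> " + after.algorithm());
        System.out.println("wrong password accepted? " + (login(after, "nope".toCharArray()) != null));
    }
}
```

The migration works because each stored record carries its own algorithm tag: verification always runs with the tag on the record, and only a successful login (the one moment the plaintext is available) produces the replacement record, which is why the page says users are rehashed at their next login rather than in bulk.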


Technical Info: IDEMPIERE-6712
