Password Hash
From ADempiere
Status
Contributors
Overview
User passwords should be stored in a non-recoverable form in case the database is compromised:
http://www.h-online.com/security/features/Storing-passwords-in-uncrackable-form-1255576.html
Adaxa has implemented password hashing based on the recommendations in
https://www.owasp.org/index.php/Hashing_Java
using a random salt and hashing with 1000 rounds of the SHA-512 algorithm.
The change has been pushed to contribution_adaxa:
http://adempiere.hg.sourceforge.net/hgweb/adempiere/contribution_adaxa/rev/6d9090d8a9f6
Testing and comments are welcome.
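The scheme described in the Overview (random per-user salt, 1000 rounds of SHA-512), as an added example that is not the contribution_adaxa code. The class and method names, the 16-byte salt length and the `rounds$salt$hash` storage format are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; names and storage format are hypothetical, not ADempiere's.
public class SaltedHashExample {
    static final int ROUNDS = 1000;   // round count stated on this page
    static final int SALT_BYTES = 16; // assumption: the page gives no salt length

    // Round 1 hashes salt || password; each later round re-hashes the previous digest.
    static byte[] hash(String password, byte[] salt, int rounds) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        md.update(salt);
        byte[] out = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < rounds; i++) {
            out = md.digest(out); // digest() resets the MessageDigest after each call
        }
        return out;
    }

    // Stored form "rounds$salt$hash" keeps the per-user salt and the cost with the hash.
    static String create(String password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return ROUNDS + "$" + b64.encodeToString(salt) + "$"
                + b64.encodeToString(hash(password, salt, ROUNDS));
    }

    // Recompute with the stored salt and rounds, then compare in constant time.
    static boolean verify(String password, String stored) {
        try {
            String[] p = stored.split("\\$");
            if (p.length != 3 || Integer.parseInt(p[0]) < 1) return false;
            byte[] salt = Base64.getDecoder().decode(p[1]);
            byte[] expected = Base64.getDecoder().decode(p[2]);
            return MessageDigest.isEqual(expected, hash(password, salt, Integer.parseInt(p[0])));
        } catch (Exception e) {
            return false; // malformed record: reject rather than throw
        }
    }

    public static void main(String[] args) throws Exception {
        String record = create("constructed-sample-password");
        System.out.println("records differ per salt: " + !record.equals(create("constructed-sample-password")));
        System.out.println("correct password: " + verify("constructed-sample-password", record));
        System.out.println("wrong password: " + verify("other-password", record));
    }
}
```

Keeping the round count in each record lets it be raised later without invalidating existing hashes. Current guidance favours a dedicated password KDF (PBKDF2, bcrypt, scrypt or Argon2) with a much higher work factor than 1000 rounds.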