[BAM-7403] Implement salting of user passwords

Type: Suggestion
Resolution: Fixed
Fix Version/s: 4.3
Component/s: Security
Labels:

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Salting and Hashing of user passwords will require us to provide an upgrade path for users since all existing passwords will become invalid. This change should use the atlassian-security password encode library (SEC-1)

copied to: BDEV-1042 Failed to load

James Dumay added a comment - 11/Oct/2012 11:10 PM

Hi there,

We are happy to announce that this feature will be available in Bamboo 4.3 which is due out in the next few weeks.

Thanks for all the comments and votes!

Cheers,
James Dumay
Product Manager

James Dumay added a comment - 11/Oct/2012 11:10 PM Hi there, We are happy to announce that this feature will be available in Bamboo 4.3 which is due out in the next few weeks. Thanks for all the comments and votes! Cheers, James Dumay Product Manager

James Dumay added a comment - 21/Jun/2012 1:46 AM

I've added this as a candidate to fix for 4.3.

James Dumay added a comment - 21/Jun/2012 1:46 AM I've added this as a candidate to fix for 4.3.

VitalyA added a comment - 19/Jun/2012 2:32 AM

Hashing is obviously implemented, for a long time.

VitalyA added a comment - 19/Jun/2012 2:32 AM Hashing is obviously implemented, for a long time.

MarkC added a comment - 26/Feb/2012 11:55 PM

Had a chat to Matt R + Matt Q., Atlassian security uses per password salting.

MarkC added a comment - 26/Feb/2012 11:55 PM Had a chat to Matt R + Matt Q., Atlassian security uses per password salting.

VitalyA added a comment - 24/Feb/2012 12:09 AM

How does atlassian-security salting work? I know it uses a per-instance salt value, where is the value stored? Is it easily extractable, i.e. given a set of encrypted files, is it easy to construct a rainbow table set?

VitalyA added a comment - 24/Feb/2012 12:09 AM How does atlassian-security salting work? I know it uses a per-instance salt value, where is the value stored? Is it easily extractable, i.e. given a set of encrypted files, is it easy to construct a rainbow table set?

Assignee:: Unassigned

Reporter:: jens

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 25/Nov/2010 11:42 PM

Updated:: 19/Sep/2019 5:45 AM

Resolved:: 11/Oct/2012 11:10 PM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: James Dumay added a comment - 11/Oct/2012 11:10 PM

Expand comment: James Dumay added a comment - 11/Oct/2012 11:10 PM

Collapse comment: James Dumay added a comment - 21/Jun/2012 1:46 AM

Expand comment: James Dumay added a comment - 21/Jun/2012 1:46 AM

Collapse comment: VitalyA added a comment - 19/Jun/2012 2:32 AM

Expand comment: VitalyA added a comment - 19/Jun/2012 2:32 AM

Collapse comment: MarkC added a comment - 26/Feb/2012 11:55 PM

Expand comment: MarkC added a comment - 26/Feb/2012 11:55 PM

Collapse comment: VitalyA added a comment - 24/Feb/2012 12:09 AM

Expand comment: VitalyA added a comment - 24/Feb/2012 12:09 AM

People

Dates