
Default to sha1 hashes rather than the infrequently implemented atlassian-sha1

Type: Bug
Priority: Low
Resolution: Obsolete

When one creates an internal directory (including in the setup wizard), one of the options is the "password encryption" type:

As you can see, we default to "atlassian-sha1", and the note below virtually insists on it (who would install Crowd if they didn't want "compatibility between Atlassian products"?).

This is terrible, because we're effectively locking user passwords into a proprietary format. In particular, LDAP directories don't support 'atlassian-sha1', which means users of the internal directory cannot migrate to a proper LDAP implementation without losing their passwords.

Attachment: crowd_encryption.png (5 kB, Jeff Turner)


joe added a comment -

The install still ominously reads:

Please see CWD-3812 for clarification.

prdonahue added a comment -

Can you please elaborate on the fact that bcrypt is "a widely-supported option"?

The install still ominously reads:

"For compatibility between Atlassian products you must use ATLASSIAN-SECURITY."

I really would prefer to use bcrypt, but it's more than a bit unclear which incompatibilities I would encounter?

joe added a comment -

As of 2.1.0, the default is Atlassian-Security (PKCS5S2, with random salt), so I'm closing this as obsolete. We also support bcrypt (CWD-2810) as a widely-supported option, but there are no plans to make it the default.
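As an added illustration (not code from this issue or from Crowd itself), the following Python models the schemes the description and joe's comment contrast: an unsalted SHA-512 stand-in for 'atlassian-sha1', the RFC 2307 {SSHA} form that an OpenLDAP directory can verify natively, and a PBKDF2 stand-in for PKCS5S2 with a random salt, together with the rehash-on-next-login step that is the only way to move users off the legacy form without "losing their passwords". The prefixes, layouts and round count are constructed for this example and are not Crowd's real storage formats.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# All encodings below are constructed for this example; they are not Crowd's
# real on-disk formats. The bare base64 form stands in for the unsalted
# SHA-512 that the thread calls 'atlassian-sha1'.

def encode_unsalted_sha512(password: str) -> str:
    """Unsalted SHA-512: equal passwords give equal hashes, and no LDAP prefix."""
    return base64.b64encode(hashlib.sha512(password.encode()).digest()).decode()

def encode_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """RFC 2307 {SSHA}: base64(sha1(password || salt) || salt), OpenLDAP-portable."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def encode_pbkdf2(password: str, salt: Optional[bytes] = None, rounds: int = 10000) -> str:
    """PBKDF2 with a random salt (a stand-in for PKCS5S2); the layout is ours."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return "{PBKDF2}%d$%s$%s" % (rounds, base64.b64encode(salt).decode(),
                                  base64.b64encode(dk).decode())

def verify(stored: str, password: str) -> bool:
    """Check a password against any of the three stored forms in constant time."""
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
        return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)
    if stored.startswith("{PBKDF2}"):
        rounds, salt_b64, dk_b64 = stored[len("{PBKDF2}"):].split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 base64.b64decode(salt_b64), int(rounds))
        return hmac.compare_digest(dk, base64.b64decode(dk_b64))
    # No scheme prefix: legacy unsalted SHA-512.
    return hmac.compare_digest(encode_unsalted_sha512(password), stored)

def verify_and_upgrade(stored: str, password: str) -> tuple:
    """Migrate a legacy unsalted hash to the salted form at the user's next
    successful login: the plaintext exists only then, so no bulk conversion is possible."""
    ok = verify(stored, password)
    if ok and not stored.startswith("{"):
        return True, encode_pbkdf2(password)
    return ok, stored
```

Two users with the same password get identical unsalted hashes but distinct {SSHA} or PBKDF2 strings, which is the practical difference between the legacy default and the salted schemes joe describes.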

Bastian Schumacher added a comment -

Hello Brendan,

I'm sorry to tell you that we never got it implemented. It had taken too much time, so I exported the users from the database (mysql), generated new passwords and imported them over the crowd importer. It has only affected about 30 people, so it wasn't such a big problem in our case.

Brendan Patterson added a comment -

Hi,

Did you ever get this plugin to Crowd implemented?

thanks,
Brendan

Bastian Schumacher added a comment -

Thanks for the hint. It worked.
Now I created a class CustomSha1PasswordEncoder implementing the LdapPasswordEncoder interface.
I tried to deploy, with pi, using the atlasin-cli, but I still get the same error, saying:
CustomSha1PasswordEncoder cannot be cast to com.atlassian.crowd.password.encoder.PasswordEncoder.
Is there a fault in my development environment?

By the way, the link from Jeff linking the SHA512 hash scheme for OpenLDAP is down. Any way to get to the sources?

Justin Koke added a comment -

Remember that, as Jeff said, 'Atlassian-SHA1' is actually SHA512 (i.e. SHA2, but unsalted).

If you want to use your own password encryption you should depend on the following module:

    <dependency>
        <groupId>com.atlassian.crowd</groupId>
        <artifactId>crowd-password-encoders</artifactId>
        <version>2.0.4</version>
    </dependency>

Password encoders are plugins and use marker interfaces; I would suggest having a look at a few of the examples in the source. Here is an example taken from the atlassian-plugin.xml for the system password encoders. Also note that the password encoders are Plugins 1 plugins.

    <encoder key="md5" name="MD5 Password Encoder" class="com.atlassian.crowd.password.encoder.LdapMd5PasswordEncoder">
        <description>LDAP based MD5 encoder that pre-appends {MD5} to the password string</description>
    </encoder>

Bastian Schumacher added a comment -

I want to write this plugin for crowd, but I need the password encoder interface.
Can you tell me which Maven Dependency I need?

Thanks

Justin Koke added a comment -

No. When we bind that new user, we pre-encode the password. If we do not, the password will simply be added to the user as plaintext.

To have the "Atlassian-SHA1" password appear in the dropdown for OpenLDAP, the implementation would need to be extended and implement the marker interface:

    com.atlassian.crowd.password.encoder.LdapPasswordEncoder

You could actually write this as a very quick plugin since our password encoders are pluggable.

Jeff Turner added a comment -

> In other words, how do I convince the "Password Encryption" dropdown that my OpenLDAP server supports "atlassian-sha1" (aka SHA512)?

Perhaps a developer could comment. I'd be interested to know why Crowd even cares. Surely Crowd just gives the entered password to OpenLDAP, which takes care of hashing and comparing?

Assignee: Unassigned
Reporter: Jeff Turner