-
Suggestion
-
Resolution: Fixed
-
None
LdapSshaPasswordEncoder uses a site-wide salt value. This is enough to prevent cracking passwords with hashes from another instance, but random salt would improve resistance to a site-wide attempt at password cracking, as well as hiding cases of password collision between users.
[CWD-3104] Use a random salt for SSHA password encoding
| Workflow | Original: JAC Suggestion Workflow [ 3388279 ] | New: JAC Suggestion Workflow 3 [ 3630157 ] |
| Status | Original: RESOLVED [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: Simplified Crowd Development Workflow v2 [ 1391829 ] | New: JAC Suggestion Workflow [ 3388279 ] |
| Issue Type | Original: Improvement [ 4 ] | New: Suggestion [ 10000 ] |
| Workflow | Original: Crowd Development Workflow v2 [ 461083 ] | New: Simplified Crowd Development Workflow v2 [ 1391829 ] |
| Remote Link | New: This issue links to "Wiki Page (Extranet)" [ 38061 ] |
| Fix Version/s | New: 2.6.1 [ 30697 ] | |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Technical Review [ 10028 ] | New: Resolved [ 5 ] |
| Status | Original: In Progress [ 3 ] | New: Technical Review [ 10028 ] |
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
| Assignee | New: joe [ jwalton ] |