[
https://jira.duraspace.org/browse/DS-861?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=27088#comment-27088
]
Ivan Masár commented on DS-861:
-------------------------------
This was the pull request:
https://github.com/DSpace/DSpace/pull/41
> Salt PasswordAuthentication
> ---------------------------
>
> Key: DS-861
> URL: https://jira.duraspace.org/browse/DS-861
> Project: DSpace
> Issue Type: Improvement
> Components: DSpace API
> Affects Versions: 1.7.0
> Reporter: Alex Lemann
> Assignee: Mark H. Wood
> Fix For: 3.0
>
>
> DSpace does not store and use salted hash passwords for local database based
> authentication (PasswordAuthentication). This constitutes a security risk in
> that given a database dump an attacker can more easily crack passwords using
> a rainbow table. For more information see the wikipedia article on salting
> password hashes:
> http://en.wikipedia.org/wiki/Salt_(cryptography)
> Possible Tasks:
> Create new configuration parameter for the salt value
> Automatically generate a securely random hash for new projects
> Document new configuration option & install information
> Store salted hashes in passwords in DB
> Use salt for authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Keep yourself connected to Go Parallel:
VERIFY Test and improve your parallel project with help from experts
and peers. http://goparallel.sourceforge.net
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
