List:       james-user
Subject:    Re: Change hashing algorithm for existing users
From:       Ashton Holmes <root () scoopta ! ninja>
Date:       2018-07-17 19:29:03
Message-ID: 38826866-1c52-ea40-a625-6792033edc40 () scoopta ! ninja

I didn't even think about allowing password transition to be done like 
this. I figured I'd need to at least reset passwords but you're right. 
The password is available in plain text during sign in so this would 
probably be a more ideal approach.


On 07/16/2018 10:56 PM, Jean Helou wrote:
>> Please first note that users' passwords are stored hashed in James thus
>> you would need anyway to change all passwords if you want to change
>> hashing algorithm.
>>
> How about making this technical transition transparent for the end user?
> For a period, support both hashing algorithms: the new one as the primary, the old one
> as a fallback. Each time a password uses the fallback, the hash of the same
> string is computed and replaces the old hash in the database...
> This way you get seamless migration.
>
> This is what play framework did when they switched crypto cypher for
> session signing
>
>> However, when using ADMIN API / CLI API, the algorithm is not changed to
>> the latest one. I believe it should be the case (thus allowing rolling
>> hash algorithm upgrades).
>>
>> I created this ticket, summing up the issue:
>> https://issues.apache.org/jira/browse/JAMES-2471
>>
>> Do you want to give it a try? Contributions would be very welcome on
>> this topic, and I can offer you help if need be.
>>
>> Cheers,
>>
>> Benoit Tellier
>>
>> On 16/07/2018 at 23:20, Ashton Holmes wrote:
>>> I recently changed my passwords to be hashed with SHA-512 however this
>>> change seems to only apply to new users and not when an existing user
>>> changes their password. Is there any way to make it apply when an
>>> existing user changes their password?
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>
>>
>>
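
The fallback-and-rehash transition discussed in this thread, combined with the ticket's point that a password change should always write the newest algorithm, as an added example that is not from the thread or from James's code. Only SHA-512 comes from the thread; the legacy algorithm (SHA-1), the dict-based user store and all function names are assumptions.

```python
import hashlib
import hmac

# Assumptions: legacy algorithm is SHA-1, target is SHA-512 (the only one the
# thread names); records are plain dicts, not James's actual user schema.
PRIMARY = "sha512"
FALLBACKS = {"sha1"}  # legacy algorithms still accepted during the transition


def digest(algorithm: str, password: str) -> str:
    """Hex digest of the password under the named hashlib algorithm."""
    return hashlib.new(algorithm, password.encode("utf-8")).hexdigest()


def set_password(users: dict, name: str, password: str) -> None:
    """Creating or changing a password always writes the primary algorithm."""
    users[name] = {"alg": PRIMARY, "hash": digest(PRIMARY, password)}


def login(users: dict, name: str, password: str) -> bool:
    """Verify against the stored algorithm; upgrade a legacy record on success."""
    record = users.get(name)
    if record is None or record["alg"] not in FALLBACKS | {PRIMARY}:
        return False  # unknown user, or an algorithm that has been retired
    candidate = digest(record["alg"], password)
    if not hmac.compare_digest(candidate, record["hash"]):
        return False  # wrong password: the stored record is never rewritten
    if record["alg"] != PRIMARY:
        # The plaintext is only available at sign-in, so re-hash it now.
        set_password(users, name, password)
    return True


def legacy_accounts(users: dict) -> list:
    """Accounts that have not signed in since the switch and still need migrating."""
    return sorted(n for n, r in users.items() if r["alg"] != PRIMARY)


# Constructed sample store: one legacy record, one already on the primary.
USERS = {
    "alice": {"alg": "sha1", "hash": digest("sha1", "correct horse")},
    "bob": {"alg": "sha512", "hash": digest("sha512", "hunter2")},
}
```

Accounts that never sign in keep their old hash, so `legacy_accounts` is what tells an administrator which passwords still have to be reset before the fallback can be removed.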

