User story #16674

closed

Use BCrypt by default for storing user's local password

Added by Elaad FURREEDAN about 4 years ago. Updated almost 4 years ago.

Status: Released
Priority: N/A
Category: Security
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check: To do
Fix check: Checked
Regression:

Description

Currently, we use md5, sha1, sha256 and sha512 to hash passwords and store them in a user configuration file. It would be safer to use a salted hash function.
We should use BCrypt as the hash function by default for the password.


Subtasks 3 (0 open, 3 closed)

User story #16724: Add Bcrypt support informations - Released - Alexis Mousset
User story #16729: Add upgrade note to document how to switch from previous hash function to BCrypt - Released - Alexis Mousset
User story #16730: Update users configuration file to add BCrypt support - Released - François ARMAND

Related issues 2 (0 open, 2 closed)

Related to Rudder - User story #16731: Adapt user configuration file to remove default admin credentials - Released - Alexis Mousset
Related to User management - User story #16723: Update documentation with missing informations - Released - Elaad FURREEDAN

#1

Updated by Elaad FURREEDAN about 4 years ago

  • Status changed from New to In progress

#2

Updated by Elaad FURREEDAN about 4 years ago

  • Assignee changed from Elaad FURREEDAN to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/2765

#3

Updated by Anonymous about 4 years ago

  • Status changed from In progress to Pending release

#4

Updated by Elaad FURREEDAN about 4 years ago

  • Related to User story #16720: Add BCrypt support for password encoder message box added

#5

Updated by Elaad FURREEDAN about 4 years ago

  • Related to User story #16731: Adapt user configuration file to remove default admin credentials added

#6

Updated by Elaad FURREEDAN about 4 years ago

  • Related to User story #16730: Update users configuration file to add BCrypt support added

#7

Updated by Elaad FURREEDAN about 4 years ago

  • Related to User story #16729: Add upgrade note to document how to switch from previous hash function to BCrypt added

#8

Updated by Elaad FURREEDAN about 4 years ago

#9

Updated by Elaad FURREEDAN about 4 years ago

#10

Updated by Elaad FURREEDAN about 4 years ago

  • Related to deleted (User story #16720: Add BCrypt support for password encoder message box)

#11

Updated by François ARMAND almost 4 years ago

  • Tracker changed from Bug to User story
  • Priority deleted (0)

#12

Updated by Vincent MEMBRÉ almost 4 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 6.1.0~beta1 which was released today.

#13

Updated by Alexis Mousset almost 4 years ago

  • Subject changed from We should use BCrypt by default for storing user's local password to Use BCrypt by default for storing user's local password

#14

Updated by Elaad FURREEDAN almost 4 years ago

  • Fix check changed from To do to Checked