User story #16674
closed
Use BCrypt by default for storing user's local password
Added by Elaad FURREEDAN almost 5 years ago.
Updated over 4 years ago.
Description
Currently, we use md5, sha1, sha256 and sha512 to hash passwords and store them in a user configuration file. It would be safer to use a salted hash function.
We should use BCrypt as the hash function by default for the password.
- Status changed from New to In progress
- Assignee changed from Elaad FURREEDAN to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder/pull/2765
- Status changed from In progress to Pending release
- Related to User story #16720: Add BCrypt support for password encoder message box added
- Related to User story #16731: Adapt user configuration file to remove default admin credentials added
- Related to User story #16730: Update users configuration file to add BCrypt support added
- Related to User story #16729: Add upgrade note to document how to switch from previous hash function to BCrypt added
- Related to deleted (User story #16720: Add BCrypt support for password encoder message box)
- Tracker changed from Bug to User story
- Priority deleted (0)
- Status changed from Pending release to Released
This bug has been fixed in Rudder 6.1.0~beta1 which was released today.
- Subject changed from We should use BCrypt by default for storing user's local password to Use BCrypt by default for storing user's local password
- Fix check changed from To do to Checked