Project

General

Profile

Actions

User story #16674

closed

Use BCrypt by default for storing user's local password

Added by Elaad FURREEDAN almost 5 years ago. Updated over 4 years ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
To do
Fix check:
Checked
Regression:

Description

Currently, we use md5, sha1, sha256 and sha512 to hash password and store them in a user configuration file. It would be safer to use a salted hash function.
We should use BCrypt as the hash function by default for the password.


Subtasks 3 (0 open3 closed)

User story #16724: Add Bcrypt support informations ReleasedAlexis MoussetActions
User story #16729: Add upgrade note to document how to switch from previous hash function to BCryptReleasedAlexis MoussetActions
User story #16730: Update users configuration file to add BCrypt supportReleasedFrançois ARMANDActions

Related issues 2 (0 open2 closed)

Related to Rudder - User story #16731: Adapt user configuration file to remove default admin credentialsReleasedAlexis MoussetActions
Related to User management - User story #16723: Update documentation with missing informationsReleasedElaad FURREEDANActions
Actions

Also available in: Atom PDF