  1. VIVO
  2. VIVO-1448

Move password encryption from MD5 to a salted hash

    Details

    • Institution:
      TIB Hannover
    • Attachments:
      1
    • Comments:
      13
    • Sprint:
      VIVO Sprint 1, VIVO Sprint 2

      Description

      We should move from MD5 to something more secure. DSpace chose to use "salted SHA-512 multi-round hashing". According to the German Federal Office for Information Security, MD5 has massive weaknesses and should not be used anymore.

      Suitable algorithms are above all the newer SHA-2 versions (SHA-256, SHA-384, SHA-512), and the newly developed standard SHA-3 with a hash length from 256 bits. These hash functions are designed for applications with higher collision-resistance requirements.

      https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKataloge/Inhalt/_content/m/m02/m02164.html?nn=6610622 lists some criteria to choose a method.

      Google translate (scroll down to "Hashing" or "selection criteria"):

      https://translate.google.de/translate?sl=auto&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=https%3A%2F%2Fwww.bsi.bund.de%2FDE%2FThemen%2FITGrundschutz%2FITGrundschutzKataloge%2FInhalt%2F_content%2Fm%2Fm02%2Fm02164.html%3Fnn%3D6610622&edit-text=&act=url
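      One way to carry out the migration requested above, as an added example that is not code from VIVO or DSpace: existing MD5 records are verified once at login and immediately replaced with a salted, multi-round SHA-512 record. It uses the JDK's PBKDF2-HMAC-SHA512 as the salted multi-round construction, which is a choice made here and not one the issue names. The class name, the `pbkdf2-sha512$...` record format, the round count and the assumption that legacy records are unsalted MD5 hex strings are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordMigrationExample {
    static final int ROUNDS = 210_000;            // assumed work factor; tune per deployment
    static final String PREFIX = "pbkdf2-sha512"; // hypothetical tag marking upgraded records
    static byte[] derive(char[] pw, byte[] salt, int rounds) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, rounds, 512);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512").generateSecret(spec).getEncoded();
    }

    // New record format: pbkdf2-sha512$rounds$base64(salt)$base64(hash), fresh salt per user.
    static String hash(char[] pw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return PREFIX + "$" + ROUNDS + "$" + b64.encodeToString(salt) + "$" + b64.encodeToString(derive(pw, salt, ROUNDS));
    }

    // Accepts both formats; a legacy record is assumed to be unsalted MD5 as a hex string.
    static boolean verify(char[] pw, String stored) throws Exception {
        if (stored.startsWith(PREFIX + "$")) {
            String[] p = stored.split("\\$");
            byte[] dk = derive(pw, Base64.getDecoder().decode(p[2]), Integer.parseInt(p[1]));
            return MessageDigest.isEqual(Base64.getDecoder().decode(p[3]), dk);
        }
        byte[] md5 = MessageDigest.getInstance("MD5").digest(new String(pw).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : md5) hex.append(String.format("%02x", b));
        return MessageDigest.isEqual(hex.toString().getBytes(StandardCharsets.US_ASCII),
                stored.toLowerCase().getBytes(StandardCharsets.US_ASCII));
    }

    // Run after a successful login, the only time the plaintext is available for re-hashing.
    static String upgradeOnLogin(char[] pw, String stored) throws Exception {
        return stored.startsWith(PREFIX + "$") ? stored : hash(pw);
    }

    public static void main(String[] args) throws Exception {
        String legacy = "5f4dcc3b5aa765d61d8327deb882cf99"; // constructed sample: MD5("password")
        char[] pw = "password".toCharArray();
        String upgraded = upgradeOnLogin(pw, legacy);
        System.out.println(verify(pw, legacy) + " " + verify(pw, upgraded) + " " + verify("wrong".toCharArray(), upgraded));
    }
}
```

      Accounts that never log in again keep their MD5 record under this scheme, so a deployment would also need a cutoff after which remaining legacy records are invalidated and reset.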

              People

              • Assignee:
                ahmad.asim Qazi Asim Ijaz Ahmad
                Reporter:
                ch Christian Hauschke
              • Votes:
                0
                Watchers:
                6