[JIRA] (OVIRT-768) Decomission of MD5 Password Hashes for Infra Users

eedri (oVirt JIRA) jira at ovirt-jira.atlassian.net
Tue Jun 27 14:53:57 UTC 2017


     [ https://ovirt-jira.atlassian.net/browse/OVIRT-768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

eedri updated OVIRT-768:
------------------------
    Issue Type: Improvement  (was: By-EMAIL)

> Decomission of MD5 Password Hashes for Infra Users
> --------------------------------------------------
>
>                 Key: OVIRT-768
>                 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-768
>             Project: oVirt - virtualization made easy
>          Issue Type: Improvement
>            Reporter: Anton Marchukov
>            Assignee: infra
>
> During the work of moving password parameters from foreman to internal
> hiera I noted that there are some users that still have their passwords
> hashed by MD5 algorithm.
> MD5 has known crypto research that make it no longer suitable for storing
> passwords securely:
> https://en.wikipedia.org/wiki/MD5#Security (and corresponding links).
> While the hashes are stored in internal repo it is still shared and prone
> to information leaks. We should ask all users to rehash their passwords
> with SHA-512 and when it is done we can remove MD5 exception
> in site/ovirt_infra/manifests/user.pp so MD5 hashed passwords are no
> longer accepted.
> The current list of users left is available in infra-hiera repo.
> -- 
> Anton Marchukov
> Senior Software Engineer - RHEV CI - Red Hat



--
This message was sent by Atlassian JIRA
(v1000.1089.0#100053)


More information about the Infra mailing list