Re: [ovirt-devel] Feature AAA JDBC password hashing
----- Original Message -----
From: "Sven Kieske" <S.Kieske(a)mittwald.de>
To: devel(a)ovirt.org
Sent: Thursday, April 24, 2014 3:36:40 PM
Subject: [ovirt-devel] Feature AAA JDBC password hashing
Hi,
I got a question/remark regarding this page:
http://www.ovirt.org/Features/AAA_JDBC
It states:
Account Password
Hash function, default sha256
Well this is not a secure default.
I don't know if nothing better can be used
but here are some viable alternatives, in
decreasing order (when we talk about security):
scrypt, bcrypt, PBKDF2
Would it be possible to use one of these
as a default?
Why do you need cipher when you can use hash?
--
Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
_______________________________________________
Devel mailing list
Devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel