----- Original Message -----
From: "Sven Kieske" <S.Kieske@mittwald.de> To: devel@ovirt.org Sent: Thursday, April 24, 2014 3:36:40 PM Subject: [ovirt-devel] Feature AAA JDBC password hashing
Hi,
I got a question/remark regarding this page:
http://www.ovirt.org/Features/AAA_JDBC
It states: Account Password Hash function, default sha256
Well this is not a secure default.
I don't know if nothing better can be used but here are some viable alternatives, in decreasing order (when we talk about security): scrypt, bcrypt, PBKDF2
Would it be possible to use one of these as a default?
Why do you need cipher when you can use hash?
-- Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen _______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel