]
Anton Marchukov updated OVIRT-768:
----------------------------------
Resolution: Won't Fix
Status: Done (was: To Do)
Decomission of MD5 Password Hashes for Infra Users
--------------------------------------------------
Key: OVIRT-768
URL:
https://ovirt-jira.atlassian.net/browse/OVIRT-768
Project: oVirt - virtualization made easy
Issue Type: Improvement
Reporter: Anton Marchukov
Assignee: infra
During the work of moving password parameters from foreman to internal
hiera I noted that there are some users that still have their passwords
hashed by MD5 algorithm.
MD5 has known crypto research that make it no longer suitable for storing
passwords securely:
https://en.wikipedia.org/wiki/MD5#Security (and corresponding links).
While the hashes are stored in internal repo it is still shared and prone
to information leaks. We should ask all users to rehash their passwords
with SHA-512 and when it is done we can remove MD5 exception
in site/ovirt_infra/manifests/user.pp so MD5 hashed passwords are no
longer accepted.
The current list of users left is available in infra-hiera repo.
--
Anton Marchukov
Senior Software Engineer - RHEV CI - Red Hat
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100098)