[JIRA] (OVIRT-768) Decomission of MD5 Password Hashes for Infra Users

Decomission of MD5 Password Hashes for Infra Users -------------------------------------------------- Key: OVIRT-768 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-768 Project: oVirt - virtualization made easy Issue Type: Improvement Reporter: Anton Marchukov Assignee: infra During the work of moving password parameters from foreman to internal hiera I noted that there are some users that still have their passwords hashed by MD5 algorithm. MD5 has known crypto research that make it no longer suitable for storing passwords securely: https://en.wikipedia.org/wiki/MD5#Security (and corresponding links). While the hashes are stored in internal repo it is still shared and prone to information leaks. We should ask all users to rehash their passwords with SHA-512 and when it is done we can remove MD5 exception in site/ovirt_infra/manifests/user.pp so MD5 hashed passwords are no longer accepted. The current list of users left is available in infra-hiera repo. -- Anton Marchukov Senior Software Engineer - RHEV CI - Red Hat