[ovirt-devel] Feature AAA JDBC password hashing

Sven Kieske S.Kieske at mittwald.de
Thu Apr 24 12:36:40 UTC 2014


Hi,

I got a question/remark regarding this page:

http://www.ovirt.org/Features/AAA_JDBC

It states:
Account Password
    Hash function, default sha256

Well this is not a secure default.

I don't know if nothing better can be used
but here are some viable alternatives, in
decreasing order (when we talk about security):
scrypt, bcrypt, PBKDF2

Would it be possible to use one of these
as a default?

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen


More information about the Devel mailing list