[ovirt-devel] Feature AAA JDBC password hashing

Alon Bar-Lev alonbl at redhat.com
Thu Apr 24 12:39:32 UTC 2014



----- Original Message -----
> From: "Sven Kieske" <S.Kieske at mittwald.de>
> To: devel at ovirt.org
> Sent: Thursday, April 24, 2014 3:36:40 PM
> Subject: [ovirt-devel] Feature AAA JDBC password hashing
> 
> Hi,
> 
> I got a question/remark regarding this page:
> 
> http://www.ovirt.org/Features/AAA_JDBC
> 
> It states:
> Account Password
>     Hash function, default sha256
> 
> Well this is not a secure default.
> 
> I don't know if nothing better can be used
> but here are some viable alternatives, in
> decreasing order (when we talk about security):
> scrypt, bcrypt, PBKDF2
> 
> Would it be possible to use one of these
> as a default?

Why do you need cipher when you can use hash?

> 
> --
> Mit freundlichen Grüßen / Regards
> 
> Sven Kieske
> 
> Systemadministrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +49-5772-293-100
> F: +49-5772-293-333
> https://www.mittwald.de
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
> _______________________________________________
> Devel mailing list
> Devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/devel



More information about the Devel mailing list