[JIRA] (OVIRT-768) Decomission of MD5 Password Hashes for Infra Users
eyal edri [Administrator] (oVirt JIRA)
jira at ovirt-jira.atlassian.net
Thu Nov 3 12:58:04 UTC 2016
[ https://ovirt-jira.atlassian.net/browse/OVIRT-768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
eyal edri [Administrator] updated OVIRT-768:
--------------------------------------------
Epic Link: OVIRT-403
> Decomission of MD5 Password Hashes for Infra Users
> --------------------------------------------------
>
> Key: OVIRT-768
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-768
> Project: oVirt - virtualization made easy
> Issue Type: By-EMAIL
> Reporter: Anton Marchukov
> Assignee: infra
>
> During the work of moving password parameters from foreman to internal
> hiera I noted that there are some users that still have their passwords
> hashed by MD5 algorithm.
> MD5 has known crypto research that make it no longer suitable for storing
> passwords securely:
> https://en.wikipedia.org/wiki/MD5#Security (and corresponding links).
> While the hashes are stored in internal repo it is still shared and prone
> to information leaks. We should ask all users to rehash their passwords
> with SHA-512 and when it is done we can remove MD5 exception
> in site/ovirt_infra/manifests/user.pp so MD5 hashed passwords are no
> longer accepted.
> The current list of users left is available in infra-hiera repo.
> --
> Anton Marchukov
> Senior Software Engineer - RHEV CI - Red Hat
--
This message was sent by Atlassian JIRA
(v1000.482.6#100017)
More information about the Infra
mailing list