[JIRA] (OVIRT-768) Decomission of MD5 Password Hashes for Infra Users

Anton Marchukov (oVirt JIRA) jira at ovirt-jira.atlassian.net
Tue Oct 11 12:35:00 UTC 2016


Anton Marchukov created OVIRT-768:
-------------------------------------

             Summary: Decomission of MD5 Password Hashes for Infra Users
                 Key: OVIRT-768
                 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-768
             Project: oVirt - virtualization made easy
          Issue Type: By-EMAIL
            Reporter: Anton Marchukov
            Assignee: infra


During the work of moving password parameters from foreman to internal
hiera I noted that there are some users that still have their passwords
hashed by MD5 algorithm.

MD5 has known crypto research that make it no longer suitable for storing
passwords securely:

https://en.wikipedia.org/wiki/MD5#Security (and corresponding links).

While the hashes are stored in internal repo it is still shared and prone
to information leaks. We should ask all users to rehash their passwords
with SHA-512 and when it is done we can remove MD5 exception
in site/ovirt_infra/manifests/user.pp so MD5 hashed passwords are no
longer accepted.

The current list of users left is available in infra-hiera repo.
-- 
Anton Marchukov
Senior Software Engineer - RHEV CI - Red Hat



--
This message was sent by Atlassian JIRA
(v1000.383.2#100014)



More information about the Infra mailing list