
FR Other password storing/hashing techniques

Added by Nils Linde over 13 years ago

I just ran into a "problem". I tried to import my users database into the Redmine DB, then realized that Redmine uses SHA1 crypting to store passwords. I don't know the developers' reasons for using this infrequently used algorithm, but I would suggest adding a feature for the administrator, i.e. at least in the config files, to choose which password crypting he prefers.
That is quite easy to implement, so the main thing is support from the community, to vote on whether such a feature is needed.
Additionally, another column could be added to the users table to flag which algorithm is used, giving the ability to switch crypting algorithms whenever needed and making it possible to import many different user databases from different systems, just by adding a parameter for which method is used...
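
The per-user algorithm column suggested in the post above, sketched as an added example (not part of the original post and not Redmine code): each row is verified with the algorithm it is flagged with and rehashed with the configured one on the next successful login. The `User` struct, its column names, the algorithm labels and the `PREFERRED` setting are assumptions made for illustration.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

# Hypothetical user row; hash_algo is the extra "which algorithm" column.
User = Struct.new(:login, :hash_algo, :salt, :hashed_password)

# Algorithm label -> function(password, salt) returning a hex digest.
HASHERS = {
  'sha1'   => ->(pw, _salt) { Digest::SHA1.hexdigest(pw) },          # unsalted legacy import
  'sha256' => ->(pw, salt)  { Digest::SHA256.hexdigest(salt + pw) }, # salted import
  'pbkdf2' => ->(pw, salt)  {                                        # iteration count is illustrative
    OpenSSL::PKCS5.pbkdf2_hmac(pw, salt, 100_000, 32, OpenSSL::Digest.new('SHA256')).unpack1('H*')
  }
}.freeze

PREFERRED = 'pbkdf2' # assumed to come from an administrator config setting

# Compare two strings without exiting early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Store a password with a fresh salt and record which algorithm was used.
def set_password(user, password, algo = PREFERRED)
  hasher = HASHERS.fetch(algo)
  user.salt = SecureRandom.hex(16)
  user.hash_algo = algo
  user.hashed_password = hasher.call(password, user.salt)
  user
end

# Verify against the algorithm flagged on the row; unknown flags fail closed.
# On success, a row stored with a non-preferred algorithm is rehashed.
def authenticate(user, password)
  hasher = HASHERS[user.hash_algo]
  return false if hasher.nil?
  return false unless secure_equal?(hasher.call(password, user.salt.to_s), user.hashed_password)
  set_password(user, password) unless user.hash_algo == PREFERRED
  true
end

# Constructed sample rows, as if imported from other systems.
def sample_users
  [User.new('alice', 'sha1', nil, Digest::SHA1.hexdigest('alice-pw')),
   User.new('bob', 'sha256', 'c0ffee', Digest::SHA256.hexdigest('c0ffee' + 'bob-pw')),
   User.new('carol', 'md4', nil, 'deadbeef')] # unsupported flag, must be rejected
end
```

A failed login leaves the row untouched, so a wrong password never changes which algorithm a user is stored under.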


Replies (1)

RE: FR Other password storing/hashing techniques - Added by Holger Just over 13 years ago

SHA1 is actually NOT infrequently used. It is safe today (in contrast to MD5, which is considered broken) and rather fast when compared to SHA256 (and still of sufficient safety). Also, the choice of the encryption algorithm affects many other related systems, so it is not that simple to change it.
