      request #30395 Drop support of non salted MD5 user passwords
    Infos
    #30395
    Thomas Gerbet (tgerbet)
    2023-01-25 16:41
    2023-01-24 16:20
    32025
    Details
    Drop support of non salted MD5 user passwords

    Tuleap has relied on BCrypt for more than 6 years now, but when we introduced it we had to manage the existing password storage scheme.

    It is time to let it go. If we still have passwords stored in the old format, users will not be able to log in (they will need to use the password reset procedure), but it also means that they have not logged in once in the last years (password storage would have been upgraded otherwise). Keeping support for this old storage format is not safe if the DB gets breached and users have re-used their password somewhere else.

    Authentication & LDAP
    • [ ] enhancement
    • [ ] internal improvement
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2023-01-25
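
    The login behaviour before and after the change this request describes, as an added PHP example that is not Tuleap's code. The function names, return values and sample passwords are assumptions made for illustration; only the scheme (unsalted MD5 upgraded to BCrypt at login, then no longer accepted) comes from the request.

```php
<?php
declare(strict_types=1);

// Added illustration with hypothetical names; this is not Tuleap's code.

/** True when the stored value is a bare 32-hex-digit MD5 digest (no salt, no scheme prefix). */
function is_unsalted_md5(string $stored): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/i', $stored) === 1;
}

/**
 * Transitional behaviour: a legacy MD5 match authenticates, and a BCrypt
 * replacement is returned so the caller can upgrade the stored row.
 * Returns [authenticated, new hash to store or null].
 */
function login_transitional(string $password, string $stored): array
{
    if (is_unsalted_md5($stored)) {
        $ok = hash_equals(strtolower($stored), md5($password));
        return [$ok, $ok ? password_hash($password, PASSWORD_BCRYPT) : null];
    }
    $ok = password_verify($password, $stored);
    $rehash = $ok && password_needs_rehash($stored, PASSWORD_BCRYPT);
    return [$ok, $rehash ? password_hash($password, PASSWORD_BCRYPT) : null];
}

/**
 * After support is dropped: a legacy row never authenticates, even with
 * the right password; the account has to go through password reset.
 */
function login_strict(string $password, string $stored): string
{
    if (password_get_info($stored)['algoName'] !== 'bcrypt') {
        return 'reset_required';
    }
    return password_verify($password, $stored) ? 'ok' : 'bad_password';
}

// Constructed sample rows: one account never upgraded, one upgraded at login.
$legacy = md5('correct horse');
[$ok, $upgraded] = login_transitional('correct horse', $legacy);

var_dump($ok);                                      // legacy row under the old behaviour
var_dump(login_strict('correct horse', $legacy));   // same row once support is dropped
var_dump(login_strict('correct horse', $upgraded)); // row that was upgraded at login
var_dump(login_strict('wrong', $upgraded));         // wrong password against the upgraded row
```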