About password encryption

pstapleton · May 11, 2017, 7:26am

Hi,

I suggest that when this is implemented it should not be a MD5 hash. This is not a recommended way to do this anymore.
It is more usual to use an algorithm suited to hashing passwords like bcrypt, scrypt or PBKDF2 with a salt which is also saved in the database. This is then hard to bruteforce if the database is compromised.
I Think if this is implemented it should be done in a way that is considered good by todays standards.

References:
https://crackstation.net/hashing-security.htm#faq
https://www.owasp.org/index.php/Hashing_Java
http://security.blogoverflow.com/2013/09/about-secure-password-hashing/

/Paul

Topic		Replies	Views
How to add support for hashed password Flowable Engine	3	514	December 13, 2021
REST API authentication fails with hashed passwords Flowable Engine	16	3473	February 28, 2018
Flowable IDM - Azure Active Directory Integration Flowable Engine	11	1535	December 6, 2023
Encryption and Decryption Logic in Flowable Flowable Engine	2	393	July 7, 2020
Encrypted DB password into flowable-default.properties	1	431	October 5, 2021

About password encryption

Related topics