james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebastian Tacke (JIRA)" <server-...@james.apache.org>
Subject [jira] [Created] (JAMES-1532) JPAUser database field too short for SHA-512 password hashes
Date Mon, 16 Dec 2013 13:39:07 GMT
Sebastian Tacke created JAMES-1532:
--------------------------------------

             Summary: JPAUser database field too short for SHA-512 password hashes
                 Key: JAMES-1532
                 URL: https://issues.apache.org/jira/browse/JAMES-1532
             Project: James Server
          Issue Type: Bug
          Components: UsersStore & UsersRepository
    Affects Versions: 3.0-beta4
            Reporter: Sebastian Tacke


The configuration supports setting the hash algorithm for user passwords to SHA-512. However
SHA-512 hashes cannot be stored in the JPA user repository, because the field is too short.
[JPAUser|http://svn.apache.org/repos/asf/james/server/trunk/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java]
sets the field length to 100:
{code}/** Hashed password */
    @Basic
    @Column(name = "PASSWORD", nullable = false, length = 100)
    private String password;{code}
The password hashes are hex encoded before they are stored to the database, so SHA-512 hashes
take up (512/8)*2 = 128 characters.



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


Mime
View raw message