Issue 2551265: deprecate SSHA password hash method. - Roundup tracker

classification

Title:	deprecate SSHA password hash method.
Type:	security	Severity:	normal
Components:	Web interface	Versions:

process

Status:	fixed	Resolution:	fixed
Dependencies		Superseder:
Assigned To:	rouilj	Nosy List:	rouilj
Priority:		Keywords:

Created on 2023-02-24 01:43 by rouilj, last changed 2023-04-02 01:03 by rouilj.

Messages
msg7734	Author: [hidden] (rouilj)	Date: 2023-02-24 01:43
The SSHA (salted sha1) password hashing function should be deprecated. The normal roundup migration will elevate it to PBKDF2 on the user's next login.
msg7748	Author: [hidden] (rouilj)	Date: 2023-04-02 01:03
deprecated in changeset: 7241:78c3f4aced76 Users using this will be automatically upgraded to the next hash method available if enabled in config.ini. If SSHA is set as the scheme for a Password in schema.py, it should still work. I am not sure if explicitly setting the scheme prevents automatic upgrade, but...

History
Date	User	Action	Args
2023-04-02 01:03:40	rouilj	set	status: new -> fixed assignee: rouilj resolution: fixed messages: + msg7748
2023-02-24 01:43:40	rouilj	create