File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Moving away from SHA-1 - steps/procedure Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Moving away from SHA-1 - steps/procedure " Watch "Moving away from SHA-1 - steps/procedure " New topic
Author

Moving away from SHA-1 - steps/procedure

Shankar Tanikella
Ranch Hand

Joined: Jan 30, 2011
Posts: 329

Hi all,
In the next quarter we are planning to change the cryptography algorithm from SHA-1 [this is a Java Web Application]. What are steps that we would need to consider, we have too many users and hence too many passwords already in DB, how is this activity actually performed? Tried googling but had not got enough luck. Any good links and suggestions are helpful.

Thank you in advance


Have Fun with Java
little,little.. little by little makes a lot..
Shankar Tanikella
Ranch Hand

Joined: Jan 30, 2011
Posts: 329

I just got one link here. Any other good ones are welcome
Shankar Tanikella
Ranch Hand

Joined: Jan 30, 2011
Posts: 329

Hi All,
Is that all? Is there any other way to do it?
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Yes, updating users one by one as they log in is basically the way to go. Before you start doing that, you could add an identifier in front of the hash in the DB, so you'd have something like "{SHA1}XYZ", where "XYZ" is the actual hash. That makes it easier to tell which users have been switched over already. The updated hash would then be "{SHA256}ABC".
Shankar Tanikella
Ranch Hand

Joined: Jan 30, 2011
Posts: 329

Thank you Tim,
Thanks for your pointer on the additional identifier to the hash. Initially, I thought of adding a new column in the DB for the new hash. I was planning to remove the old password(old column) after creating the updated one(new column) and check for its existence and now if I look back and see it doesn't seem to be right [its completely dependent on business logic => wrong, duplicate functional column => wrong practice] and now I shall try to add the identifier to the hash use the same old password column. Thank you again.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Moving away from SHA-1 - steps/procedure
 
Similar Threads
MD5 And SHA In JAVA
SHA encryption algorithm doubt
command pattern
digest Algorithm
Keyczar