Moving away from SHA-1 - steps/procedure

 
Shankar Tanikella
Ranch Hand
Hi all,
In the next quarter we are planning to change the cryptography algorithm from SHA-1 [this is a Java Web Application]. What are the steps that we would need to consider? We have too many users and hence too many passwords already in the DB; how is this activity actually performed? Tried googling but have not had much luck. Any good links and suggestions are helpful.

Thank you in advance
 
Shankar Tanikella
Ranch Hand
I just got one link here. Any other good ones are welcome.
 
Shankar Tanikella
Ranch Hand
Hi All,
Is that all? Is there any other way to do it?
 
Tim Moores
Bartender
Yes, updating users one by one as they log in is basically the way to go. Before you start doing that, you could add an identifier in front of the hash in the DB, so you'd have something like "{SHA1}XYZ", where "XYZ" is the actual hash. That makes it easier to tell which users have been switched over already. The updated hash would then be "{SHA256}ABC".
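A worked version of the re-hash-on-login scheme described above, as an added example that is not code from the thread or from the poster's application. It assumes Java 17+ (for HexFormat and records) and that a row with no prefix at all is an untagged legacy SHA-1 hash, i.e. one not yet touched by the one-off prefixing step.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

// Added example, not code from the thread. The existing password column holds "{SHA1}<hex>"
// for legacy rows and "{SHA256}<hex>" once migrated; a row with no prefix is assumed to be an
// untagged legacy SHA-1 hash (the state before the one-off prefixing step).
public class PasswordMigration {
    static final String OLD_TAG = "{SHA1}", NEW_TAG = "{SHA256}";

    static String hexDigest(String algorithm, String password) {
        try {
            MessageDigest md = MessageDigest.getInstance(algorithm);
            return HexFormat.of().formatHex(md.digest(password.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-1 and SHA-256 ship with every JDK
        }
    }

    /** Login result: whether the password matched, and the value the DB row should now hold. */
    record Outcome(boolean ok, String storedValue) {}

    static Outcome verifyAndUpgrade(String stored, String password) {
        String algorithm = "SHA-1";
        String expectedHex = stored;
        if (stored.startsWith(NEW_TAG)) {
            algorithm = "SHA-256";
            expectedHex = stored.substring(NEW_TAG.length());
        } else if (stored.startsWith(OLD_TAG)) {
            expectedHex = stored.substring(OLD_TAG.length());
        }
        // Constant-time comparison so a wrong guess does not leak how many leading bytes matched.
        byte[] expected = expectedHex.getBytes(StandardCharsets.UTF_8);
        byte[] actual = hexDigest(algorithm, password).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, actual)) return new Outcome(false, stored); // wrong password
        if (algorithm.equals("SHA-256")) return new Outcome(true, stored);               // already migrated
        // Legacy scheme verified and the plaintext is in hand: re-hash now and persist the result.
        return new Outcome(true, NEW_TAG + hexDigest("SHA-256", password));
    }

    public static void main(String[] args) {
        String legacyRow = OLD_TAG + hexDigest("SHA-1", "correct horse"); // constructed sample row
        Outcome first = verifyAndUpgrade(legacyRow, "correct horse");
        System.out.println(first.ok() + " -> " + first.storedValue());
        System.out.println(verifyAndUpgrade(first.storedValue(), "correct horse").ok());
        System.out.println(verifyAndUpgrade(legacyRow, "wrong").ok());
    }
}
```

The caller writes storedValue back to the row only when it differs from what was read, so untouched rows cost no extra write. The tag carries any algorithm name, so a dedicated password hash such as PBKDF2 (PBKDF2WithHmacSHA256 in the JDK) can be substituted for SHA-256 as the target without changing the migration flow.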
 
Shankar Tanikella
Ranch Hand
Thank you, Tim,
Thanks for your pointer on the additional identifier to the hash. Initially, I thought of adding a new column in the DB for the new hash. I was planning to remove the old password (old column) after creating the updated one (new column) and check for its existence. Now, if I look back, it doesn't seem to be right [it's completely dependent on business logic => wrong; duplicate functional column => wrong practice], so now I shall try to add the identifier to the hash and use the same old password column. Thank you again.
 