Created by Jeffrey Schoemaker 22 Jun 2016, 14:47:10 Updated by Stephan 28 Jul 2017, 10:26:54
Relates to: U4-10089
Subtask of: U4-8632
In the current Umbraco versions you can specify whether you want your password hashed or encrypted (of course you want your password hashed).
But you can't update the password algorithm later on, because the password algorithm itself is not stored on the user. Preferably it is stored on the user, so you can update your policy at a later moment (because a new password algorithm is available or you have new insights on encrypting passwords). This can be in a separate column or in the password field itself (like it's done with the salt).
If you do this, there's also a migration path possible when upgrading your install and it's not a problem any longer to change/upgrade the algorithm in a minor version release.
#1 If this feature is implemented: look at the current settings and update the UmbracoUser table with these settings.
#2 If a user logs on with a correct username/password combination AND the algorithm has changed: rehash the password with the new algorithm policy and store that.
p.s.: It's not a problem to store the password algorithm from a security perspective. As Kerckhoffs already stated in 1883: the password should be kept secret, not the algorithm (https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle).
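The scheme described in the request (algorithm id stored next to the salt and hash, a one-off migration of existing rows, and a rehash on the next successful login once the policy changes), as an added stand-alone example; it is not Umbraco's code, and the `algorithm$salt$hash` record layout, the `ALGORITHMS` registry and the `user["password"]` field are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# Hypothetical policy registry: algorithm id -> (PBKDF2 digest, iterations).
# The id travels with every stored hash, so changing policy never orphans old rows.
ALGORITHMS = {
    "pbkdf2-sha1-1000": ("sha1", 1_000),          # legacy policy
    "pbkdf2-sha256-100000": ("sha256", 100_000),  # current policy
}
CURRENT_ALGORITHM = "pbkdf2-sha256-100000"


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, algorithm=CURRENT_ALGORITHM, salt=None):
    """Return 'algorithm$salt$hash' (base64 fields), the way the salt is already kept in the field."""
    digest, iterations = ALGORITHMS[algorithm]
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, iterations)
    return f"{algorithm}${_b64(salt)}${_b64(dk)}"


def migrate_record(stored, configured_algorithm):
    """Step #1: a pre-feature record ('salt$hash') gets the configured algorithm id prepended."""
    return stored if stored.count("$") == 2 else f"{configured_algorithm}${stored}"


def verify_password(password, stored):
    """Check a password with the algorithm recorded in the row, not the current policy."""
    algorithm, salt_b64, dk_b64 = stored.split("$")
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unknown password algorithm: {algorithm}")
    digest, iterations = ALGORITHMS[algorithm]
    dk = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), base64.b64decode(salt_b64), iterations)
    return hmac.compare_digest(dk, base64.b64decode(dk_b64))  # constant-time comparison


def login(user, password):
    """Step #2: on a correct password, rehash under the current policy if the stored one differs."""
    if not verify_password(password, user["password"]):
        return False  # a wrong password must never touch the stored record
    if user["password"].split("$", 1)[0] != CURRENT_ALGORITHM:
        user["password"] = hash_password(password)  # fresh salt, current algorithm
    return True
```

The migration only tags rows with the algorithm that was configured when they were hashed; the actual rehash can happen only at login, because that is the one moment the plaintext is available.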
I've started this https://github.com/umbraco/Umbraco-CMS/pull/2059
new db column created and migrated with current info, now to wire up this data with the password hasher (tomorrow)
This is all ready:
would it now also be possible to update the algorithm and it's still possible to log in and the old password gets rehashed with the newly set algorithm?
No, as I said, all of that plumbing can come later; this is just to get this all working with the new column and the base code/classes to enable that.
@Shandem Unfortunately at the moment this has the usual chicken-and-egg problem: can't upgrade because I can't log in because the umbracoUser2UserGroup table doesn't yet exist.
@sebastiaan yes that is the thing this fixes: http://issues.umbraco.org/issue/U4-10138 ... so might have to wait until @zpqrtbnk reviews and merges that in.
did a successful upgrade from 7.6 and got the new passwordConfig table field, can log in and out, can change password = fine, merging
(note that for the time being, we don't use that info and just fallback to the original hashing)
Type: Feature (request)
Backwards Compatible: False
Due in version: 7.7.0
Sprint: Sprint 64
Story Points: 3