
Moving away from SHA-1 - steps/procedure

 
Shankar Tanikella
Ranch Hand
Posts: 329
Eclipse IDE Java Oracle
Hi all,
In the next quarter we are planning to change the cryptography algorithm from SHA-1 [this is a Java Web Application]. What are the steps that we would need to consider? We have too many users and hence too many passwords already in the DB; how is this activity actually performed? I tried googling but have not had much luck. Any good links and suggestions are helpful.

Thank you in advance
 
Shankar Tanikella
Ranch Hand
Posts: 329
Eclipse IDE Java Oracle
I just got one link here. Any other good ones are welcome
 
Shankar Tanikella
Ranch Hand
Posts: 329
Eclipse IDE Java Oracle
Hi All,
Is that all? Is there any other way to do it?
 
Tim Moores
Bartender
Posts: 2895
46
Yes, updating users one by one as they log in is basically the way to go. Before you start doing that, you could add an identifier in front of the hash in the DB, so you'd have something like "{SHA1}XYZ", where "XYZ" is the actual hash. That makes it easier to tell which users have been switched over already. The updated hash would then be "{SHA256}ABC".
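The login-time migration Tim describes, written out as an added example (not code from the thread or from any project): the stored column carries a `{SHA1}` or `{SHA256}` prefix, a login is checked against whichever algorithm the prefix names, and a correct login on a legacy row yields a fresh `{SHA256}` value for the caller to write back. Class and method names are assumptions; `HexFormat` needs Java 17 or newer, and the same prefix mechanism lets the column carry a salted, iterated scheme later without another schema change.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

public class PasswordMigration {
    // Prefixes as suggested in the thread; a row with no prefix is treated as legacy SHA-1.
    static final String LEGACY_PREFIX = "{SHA1}";
    static final String CURRENT_PREFIX = "{SHA256}";
    static byte[] digest(String algorithm, String password) {
        try {
            return MessageDigest.getInstance(algorithm).digest(password.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-1 and SHA-256 ship with every JDK
        }
    }
    // Value written for new users and for rows migrated at login.
    static String encodeCurrent(String password) {
        return CURRENT_PREFIX + HexFormat.of().formatHex(digest("SHA-256", password));
    }
    // Returns null on a wrong password, the unchanged stored value when it is already
    // "{SHA256}...", or a fresh "{SHA256}..." value the caller must write back to the same column.
    static String verifyAndMigrate(String stored, String password) {
        String algorithm = "SHA-1";
        String hex = stored;
        if (stored.startsWith(CURRENT_PREFIX)) {
            algorithm = "SHA-256";
            hex = stored.substring(CURRENT_PREFIX.length());
        } else if (stored.startsWith(LEGACY_PREFIX)) {
            hex = stored.substring(LEGACY_PREFIX.length());
        }
        byte[] expected = HexFormat.of().parseHex(hex);
        // MessageDigest.isEqual compares in constant time; Arrays.equals would not.
        if (!MessageDigest.isEqual(expected, digest(algorithm, password))) {
            return null;
        }
        return algorithm.equals("SHA-256") ? stored : encodeCurrent(password);
    }

    public static void main(String[] args) {
        // Constructed sample row: "{SHA1}" + hex(SHA-1("correct horse")), as it sits before cut-over.
        String legacyRow = LEGACY_PREFIX + HexFormat.of().formatHex(digest("SHA-1", "correct horse"));
        String afterLogin = verifyAndMigrate(legacyRow, "correct horse");
        if (afterLogin != null && !afterLogin.equals(legacyRow)) {
            System.out.println("persist migrated value: " + afterLogin); // e.g. UPDATE on the same column
        }
        System.out.println("wrong password rejected: " + (verifyAndMigrate(legacyRow, "wrong") == null));
    }
}
```

Once every row starts with `{SHA256}`, the `{SHA1}` branch can be deleted and any remaining unprefixed rows treated as accounts that must reset their password.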
 
Shankar Tanikella
Ranch Hand
Posts: 329
Eclipse IDE Java Oracle
Thank you Tim,
Thanks for your pointer on the additional identifier to the hash. Initially, I thought of adding a new column in the DB for the new hash. I was planning to remove the old password (old column) after creating the updated one (new column) and check for its existence, and now if I look back at it, it doesn't seem right [it's completely dependent on business logic => wrong; duplicate functional column => wrong practice], so now I shall try to add the identifier to the hash and use the same old password column. Thank you again.
 