<font face="Default Sans Serif,Verdana,Arial,Helvetica,sans-serif" size="2"><div><div>Hello Martin,</div><div><br></div><div>OpenCms uses SCrypt function for password generation (which uses salt):</div><div><a href="https://en.wikipedia.org/wiki/Scrypt">https://en.wikipedia.org/wiki/Scrypt</a><br></div><div><br></div><div>Password handler with parameters is configured in opencms-system.xml config file.</div><div><br></div><div>By default "CmsDefaultPasswordHandler" is used, but you can configure "CmsAdvancedPasswordHandler" (it has stronger requirements for user passwords complexity, but it can be too much annoying in some cases).</div><div><br></div><div><a href="https://documentation.opencms.org/javadoc/core/org/opencms/security/CmsDefaultPasswordHandler.html">https://documentation.opencms.org/javadoc/core/org/opencms/security/CmsDefaultPasswordHandler.html</a><br></div><div><a href="https://documentation.opencms.org/javadoc/core/org/opencms/security/CmsAdvancedPasswordHandler.html">https://documentation.opencms.org/javadoc/core/org/opencms/security/CmsAdvancedPasswordHandler.html</a><br></div><br>S pozdravem / Kind regards<br><br>Filip Kratochvil<br>Web & Portal Consultant<br><br>IBA CZ, s.r.o.<br></div><br><br><div><font color="#990099"><a href="mailto:-----opencms-dev-bounces@opencms.org" target="_blank" rel="noopener noreferrer">-----opencms-dev-bounces@opencms.org</a> wrote: -----</font></div><div class="iNotesHistory" style="padding-left:5px;"><div style="padding-right:0px;padding-left:5px;border-left:solid black 2px;">To: "The OpenCms mailing list" <<a href="mailto:opencms-dev@opencms.org" target="_blank" rel="noopener noreferrer">opencms-dev@opencms.org</a>><br>From: <a href="mailto:martin.rosenthal@oerag.de" target="_blank" rel="noopener noreferrer">martin.rosenthal@oerag.de</a><br>Sent by: <a href="mailto:opencms-dev-bounces@opencms.org" target="_blank" rel="noopener noreferrer">opencms-dev-bounces@opencms.org</a><br>Date: 08/31/2020 11:23AM<br>Subject: [opencms-dev] OpenCMS - saving user passwords<br><br><div><font face="Courier New,Courier,monospace" size="2">hello,<br><br>i've got a question about the storage of OpenCms user passwords. I can see,<br>that the passes are stored in a hashed form in the database. For the<br>generation of the hash is there additionaly used a kind of salt to encrypt<br>the pass?<br>It's a question of our IT security commissioner on which i didn't have an<br>answer.<br><br>Thanks and regards,<br><br>Martin Rosenthal<br><br>_______________________________________________<br>This mail is sent to you from the opencms-dev mailing list<br>To change your list options, or to unsubscribe from the list, please visit<br><a href="http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev">http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev</a><br><br><br><br></font></div></div></div><div><br><hr>Disclaimer:<br><br>The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it.<br>It may contain confidential or legally privileged information.<br>If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful.<br>If you have received this communication in error, please notify us immediately by forwarding this email to ict@ibacz.eu and then delete it from your system.<br>IBA Group is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.<br> </div></font>