What method is used to hash IDs and passwords in CUBA

Hi, in my CUBA project, I want to maintain users, passwords and roles from the portal.
However, I have a mobile app through which I am creating a service to authenticate users so that they can access the services rendered at the portal. This means that the same credentials for the portal will apply to the mobile app; however, the ID and password are always encrypted. I would like to know the method (e.g. MD5, SHA-1…) that has been used so that I can include it in my app so that they correlate.

Hi!

We use SHA-1 with salt by default. User ID is used as salt by default.

You can use the PasswordEncryption bean to get the hashed password:

PasswordEncryption.getPasswordHash(UUID userId, String password)

P.S. Please do not use UPPER_CASE for the title of a topic.

1 Like

Thanks for the information.
My issue is how to use this in a separate application which is accessing the same users_tables in the database auto-generated by CUBA Studio.

You could copy the corresponding classes from CUBA, but I’d recommend that you integrate the apps not on the database level but by using web services between CUBA and the separate application.

1 Like

Hi @artamonov

Given that SHA-1 is prone to attack and has had some bad press, are there plans to change the encryption?

For those that get pretty detailed queries about security, SHA-1 may pose issues.

We are planning to replace it in the next major version 7: Add more strong password hashing algorithm · Issue #868 · cuba-platform/cuba · GitHub

At the moment you can implement your own password hashing mechanism by replacing the PasswordEncryption bean in spring.xml.

1 Like

Great. Thanks for that info.