This topic contains 0 replies, has 1 voice, and was last updated by  MSPControl 10 months, 3 weeks ago.

  • Author
    Posts
  • #4740
     MSPControl 
    Keymaster

    As of build 2209 we have swapped out the standard reversible encryption system currently used for Peer passwords for an Argon2 one-way cryptographic hash with salt. This new hash cannot be reversed and is memory-hard. Prior to 2209, passwords used the same private crypto-key system to hash passwords, meaning an attacker could take the crypto-key and use it to decrypt all Peer passwords. It also left room for someone to perform a rainbow-table-type attack on user tables to quickly decipher passwords from a pre-generated table of hashes.

    More information on why password hashing with salt is important, and why having a memory-hard algorithm is the way to go:
    https://crackstation.net/hashing-security.htm

    Under System Settings, there is now a button to allow you to convert all user passwords to SALT; otherwise they will adjust as your users reset their passwords. We suggest forcing the conversion to SALT-based password hashes sooner rather than later, as the WebsitePanel open-source encryption path is well known, and at this point we believe it's completely insecure and possibly compromised.


The forum ‘Announcements’ is closed to new topics and replies.
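
An added example, not MSPControl's code, of the bulk conversion the post above describes: each reversibly stored password is decrypted once and replaced with a salted, memory-hard one-way hash, after which identical passwords no longer produce identical records. Assumptions: Python's `hashlib.scrypt` stands in for Argon2 (the standard library has no Argon2), and the XOR "legacy" cipher, the key, the user names and the record format are constructed for illustration.

```python
import base64, hashlib, hmac, os

N, R, P = 2**14, 8, 1  # scrypt cost parameters (about 16 MiB of memory per hash)

def _legacy_xor(data: bytes, key: bytes) -> bytes:
    """Constructed stand-in for a reversible scheme (not the real legacy cipher)."""
    stream = hashlib.sha256(key).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                          maxmem=64 * 2**20, dklen=32)

def hash_password(password: str) -> str:
    """One-way, memory-hard hash with a fresh random salt for every record."""
    salt = os.urandom(16)
    return "$".join(["scrypt", base64.b64encode(salt).decode(),
                     base64.b64encode(_kdf(password, salt)).decode()])

def verify_password(password: str, stored: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return False  # legacy or malformed record: never accept
    salt, expected = base64.b64decode(parts[1]), base64.b64decode(parts[2])
    return hmac.compare_digest(_kdf(password, salt), expected)

def convert_all(users: dict, key: bytes) -> int:
    """Decrypt each legacy record once and keep only its salted hash."""
    converted = 0
    for name, stored in list(users.items()):
        if not stored.startswith("scrypt$"):
            plaintext = _legacy_xor(base64.b64decode(stored), key).decode()
            users[name] = hash_password(plaintext)
            converted += 1
    return converted

# Constructed sample data: two users who happen to share a password.
KEY = b"constructed-demo-key"
USERS = {u: base64.b64encode(_legacy_xor(p.encode(), KEY)).decode()
         for u, p in {"alice": "Winter2017!", "bob": "Winter2017!"}.items()}

if __name__ == "__main__":
    print("legacy records equal:", USERS["alice"] == USERS["bob"])
    print("converted:", convert_all(USERS, KEY))
    print("hashed records equal:", USERS["alice"] == USERS["bob"])
    print("alice verifies:", verify_password("Winter2017!", USERS["alice"]))
```

After conversion the legacy key is no longer needed to check a login, so it can be retired once no unconverted records remain.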


©2017 MSPControl | Privacy Policy
