
Liferay encryption of password

Soukaina HAJI, modified 9 years ago.

Liferay encryption of password

Regular Member Posts: 195 Join Date: 17.06.14
Hello, I am using Liferay 6.2 CE GA2 and I need to know what type of encryption Liferay uses?

Thank you
Harish Kumar, modified 9 years ago.

RE: Liferay encryption of password (Answer)

Expert Posts: 483 Join Date: 31.07.10
Liferay makes use of the SHA algorithm for password encryption. You can find the below property in the portal.properties file.

 passwords.encryption.algorithm=SHA


Regards
David H Nebinger, modified 9 years ago.

RE: Liferay encryption of password

Liferay Legend Posts: 14919 Join Date: 02.09.06
Liferay does not encrypt the password, it creates a hash from the password.

This means that it is only one way, it cannot be decrypted to get the password back.

For example, "password" may hash to "AABACD13869904FE...". It may also happen that the string "Cuckoo" also hashes to that string (actually collisions would never be that easy, that is included here just for an example), but basically the process used is:

check(hash(password))

where the hash is calculated from the password and this is then compared against the stored value. If you've entered "Zipper", this will create a completely different hash value and the check fails, so the password is incorrect. The collisions, i.e. "Cuckoo" in this example, would actually allow someone to log in only because of the collision in the hashes of the two words (note again where I said that collisions are not going to be that frequent).

So you can never get back to the password that was entered, because it's simply not available.
Soukaina HAJI, modified 9 years ago.

RE: Liferay encryption of password

Regular Member Posts: 195 Join Date: 17.06.14
Thank you. Is there a way to decrypt a password using Java?
David H Nebinger, modified 9 years ago.

RE: Liferay encryption of password

Liferay Legend Posts: 14919 Join Date: 02.09.06
It is not encrypted, it is hashed. They are two different things.
Soukaina HAJI, modified 9 years ago.

RE: Liferay encryption of password

Regular Member Posts: 195 Join Date: 17.06.14
OK, I have just found that it's impossible to get the original password,
so is there a way to change the type of encrypted password so it can use MD5 or SH?
Samuel Kong, modified 9 years ago.

RE: Liferay encryption of password

Liferay Legend Posts: 1902 Join Date: 10.03.08
You can change the hashing algorithm used for passwords in your portal(-ext).properties file

passwords.encryption.algorithm=MD5
passwords.encryption.algorithm=SHA


Check out portal.properties for a list of all supported hashing algorithms.

However, you should NOT use MD5 or SHA as the hashing algorithm. Both MD5 and SHA are broken and are no longer considered safe. These options are made available mainly for legacy purposes.
bing yue, modified 9 years ago.

RE: Liferay encryption of password

New Member Posts: 4 Join Date: 18.03.14
good.
Alla Sapozhnikova, modified 7 years ago.

RE: Liferay encryption of password

Junior Member Posts: 81 Join Date: 02.03.12
Samuel Kong:
You can change the hashing algorithm used for passwords in your portal(-ext).properties file

passwords.encryption.algorithm=MD5
passwords.encryption.algorithm=SHA


Check out portal.properties for a list of all supported hashing algorithms.

However, you should NOT use MD5 or SHA as the hashing algorithm. Both MD5 and SHA are broken and are no longer considered safe. These options are made available mainly for legacy purposes.


Does your answer mean that I can change the passwords.encryption.algorithm in portal-ext.properties, restart the server, and when a user logs in, the password will be stored using a different algorithm?
Samuel Kong, modified 7 years ago.

RE: Liferay encryption of password

Liferay Legend Posts: 1902 Join Date: 10.03.08
The password is either changed when the user signs in or next time the user changes his/her password. Unfortunately I don't remember which. You can do some testing if you really need to know.
Alberto Chaparro, modified 7 years ago.

RE: Liferay encryption of password

Liferay Master Posts: 549 Join Date: 25.04.11
Hi Alla,

You can try to follow this procedure:
  • Stop your server.
  • Do a backup.
  • Set the property passwords.encryption.algorithm.legacy to the old encryption algorithm.
  • Set the property passwords.encryption.algorithm to the new algorithm.
  • Start your server.
  • When users log in, the password encryption will change.


Please, let us know about the results.

Cheers!
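
The migration discussed in the last replies can only happen at login because, as noted earlier in the thread, a hash cannot be reversed: the plaintext is available only while the user is signing in. The following is an added example of that rehash-on-login step in plain Java; it is not Liferay's code and not from any poster. The `{SHA}`/`{PBKDF2}` stored format, the choice of PBKDF2 as the new algorithm, the iteration count and all class and method names are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration, not Liferay's implementation. The "{ALG}value" record format is assumed.
public class RehashOnLogin {
    static final int ITERATIONS = 128_000; // assumed work factor for the new algorithm

    // Legacy scheme: unsalted SHA-1 of the password.
    static String legacyHash(String pw) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-1").digest(pw.getBytes(StandardCharsets.UTF_8));
        return "{SHA}" + Base64.getEncoder().encodeToString(d);
    }

    // New scheme: salted, iterated PBKDF2; the salt is stored next to the derived key.
    static String pbkdf2(String pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt, ITERATIONS, 160);
        byte[] dk = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
        Base64.Encoder b64 = Base64.getEncoder();
        return "{PBKDF2}" + b64.encodeToString(salt) + "$" + b64.encodeToString(dk);
    }

    static boolean same(String a, String b) { // constant-time comparison of stored values
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the value to store after this login attempt, or null if the password is wrong.
    static String login(String typed, String stored) throws Exception {
        if (stored.startsWith("{PBKDF2}")) { // already migrated: verify with the stored salt
            byte[] salt = Base64.getDecoder().decode(stored.substring(8, stored.indexOf('$')));
            return same(pbkdf2(typed, salt), stored) ? stored : null;
        }
        if (!same(legacyHash(typed), stored)) return null;
        // Legacy hash matched: the plaintext is in hand only at this moment, so rehash it now.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return pbkdf2(typed, salt);
    }

    public static void main(String[] args) throws Exception {
        String stored = legacyHash("Zipper");        // constructed sample record
        System.out.println(login("Cuckoo", stored)); // a wrong password leaves the record untouched
        stored = login("Zipper", stored);            // a correct login upgrades the record
        System.out.println(stored.startsWith("{PBKDF2}") + " " + (login("Zipper", stored) != null));
    }
}
```

Accounts that never log in again keep their legacy hash, so a migration of this kind needs a query for records still in the old format.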