掲示板

  1. ホーム
  2. Development
  3. Liferay encryption of password

Liferay encryption of password

thumbnail
9年前 に Soukaina HAJI によって更新されました。

Liferay encryption of password

Regular Member 投稿: 195 参加年月日: 14/06/17 最新の投稿
Hello I am using liferay 6.2 ce ga2 and I need to know what type of encryption liferay uses ??

thank you
thumbnail
9年前 に Harish Kumar によって更新されました。

RE: Liferay encryption of password (回答)

Expert 投稿: 483 参加年月日: 10/07/31 最新の投稿
Liferay makes use of SHA algorithm for password encryption. you can find the below property in portal.properties file.

 passwords.encryption.algorithm=SHA


Regards
thumbnail
9年前 に David H Nebinger によって更新されました。

RE: Liferay encryption of password

Liferay Legend 投稿: 14919 参加年月日: 06/09/02 最新の投稿
Liferay does not encrypt the password, it creates a hash from the password.

This means that it is only one way, it cannot be decrypted to get the password back.

For example, "password" may hash to "AABACD13869904FE...". It may also happen that the string "Cuckoo" also hashes to that string (actually collisions would never be that easy, that is included here just for an example), but basically the process used is:

check(hash(password))

where the hash is calculated from the password and this is then compared against the stored value. If you've entered "Zipper", this will create a completely different hash value and the check fails, so the password is incorrect. The collisions, i.e. "Cuckoo" in this example, would actually allow someone to log in only because of the collision in the hashes of the two words (note again where I said that collisions are not going to be that frequent).

So you can never get back to the password that was entered, because it's simply not available.
thumbnail
9年前 に Soukaina HAJI によって更新されました。

RE: Liferay encryption of password

Regular Member 投稿: 195 参加年月日: 14/06/17 最新の投稿
thank you, is there a way to decrypt a password using java ?
thumbnail
9年前 に David H Nebinger によって更新されました。

RE: Liferay encryption of password

Liferay Legend 投稿: 14919 参加年月日: 06/09/02 最新の投稿
It is not encrypted, it is hashed. They are two different things.
thumbnail
9年前 に Soukaina HAJI によって更新されました。

RE: Liferay encryption of password

Regular Member 投稿: 195 参加年月日: 14/06/17 最新の投稿
ok I have just found that it's impossible to get the original password
so is there a way to change type of encrypted password so it can use MD5 or SH ?
thumbnail
9年前 に Samuel Kong によって更新されました。

RE: Liferay encryption of password

Liferay Legend 投稿: 1902 参加年月日: 08/03/10 最新の投稿
You can change the hashing algorithm used for passwords in your portal(-ext).properties file

passwords.encryption.algorithm=MD5
passwords.encryption.algorithm=SHA


Check out portal.properties for a list of all supported hashing algorithms.

However, you should NOT use MD5 or SHA as the hashing algorithm. Both MD5 and SHA are broken and is no longer considered safe. These options are made available mainly for legacy purposes.
9年前 に bing yue によって更新されました。

RE: Liferay encryption of password

New Member 投稿: 4 参加年月日: 14/03/18 最新の投稿
good.
7年前 に Alla Sapozhnikova によって更新されました。

RE: Liferay encryption of password

Junior Member 投稿: 81 参加年月日: 12/03/02 最新の投稿
Samuel Kong:
You can change the hashing algorithm used for passwords in your portal(-ext).properties file

passwords.encryption.algorithm=MD5
passwords.encryption.algorithm=SHA


Check out portal.properties for a list of all supported hashing algorithms.

However, you should NOT use MD5 or SHA as the hashing algorithm. Both MD5 and SHA are broken and is no longer considered safe. These options are made available mainly for legacy purposes.


Does your answer mean that I can change the passwords.encryption.algorithm in portal-ext.properties, restart the server, and when a user logs in, the password will be stored using a different algorithm?
thumbnail
7年前 に Samuel Kong によって更新されました。

RE: Liferay encryption of password

Liferay Legend 投稿: 1902 参加年月日: 08/03/10 最新の投稿
The password is either changed when the user signs in or next time the user changes his/her password. Unfortunately I don't remember which. You can do some testing if you really need to know.
thumbnail
7年前 に Alberto Chaparro によって更新されました。

RE: Liferay encryption of password

Liferay Master 投稿: 549 参加年月日: 11/04/25 最新の投稿
Hi Alla,

You can try to follow this procedure:
  • Stop your server.
  • Do a backup.
  • Set the property passwords.encryption.algorithm.legacy to the old encryption algorithm.
  • Set the property passwords.encryption.algorithm to the new algorithm.
  • Start your server.
  • When users log in the password encryption will change.


Please, let us know about the results.

Cheers!