This community is for professionals and enthusiasts of the Genio platform.
Share your questions and challenges, and help your partners!
How are user passwords protected?
Does Genio use any hash function to protect user passwords? If it does, which function is being used and can it be changed if needed?
At the moment there are implemented two methods of password encryption and that are stored in the system database in the UserLogin table.
The final application administrator can choose which one to use for their security level in the Administration portal under “System Configuration” > “Security” > “Password Policy”.
Here we will find two methods named "Quidgest" and the second "Argon2".
Regarding the "Quidgest" method is a form of hash encryption performed by us and it can be seen its source code in the GenioServer project, "PasswordFactory" file, in the class "password_encriptarQuid".
In the “Argon2” method was the winner of the Password Hashing Competition (PHC) award and it is a password-hashing function that summarizes the state of the art in the design of memory-hard functions and can be used to hash passwords for credential storage, key derivation, or other applications. For more information consult the address: \https://github.com/P-H-C/phc-winner-argon2
About the Community
|Asked: 7/19/19, 4:15 PM|
|Seen: 973 times|
|Last updated: 10/3/19, 11:55 AM|