
Authentication with secure hashing (SHA-1 rather than MD4)

dnallsopp
Champ in-the-making
Hi all,

We are planning an Alfresco deployment which will (at least initially) run on cloud servers. Since we won't have access to the existing directory server, we planned to use the built-in Alfresco authentication subsystem.

However, this uses MD4 hashes, which are easily broken. authentication-services-context.xml says:
    <!-- Passwords are encoded using MD4 -->
    <!-- This is not ideal and only done to be compatible with NTLM -->
    <!-- authentication against the default authentication mechanism. -->

    <bean id="passwordEncoder"
      class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"></bean>
Is there any alternative authentication subsystem for Alfresco that uses a secure hash (SHA-1 or better)?
Is it possible, for example, to replace org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl with a bean providing a more secure implementation?

We don't need CIFS etc, so the NTLM compatibility isn't an issue - I understand this is why Alfresco still uses MD4.

Thanks for any pointers…
1 REPLY 1

scouil
Star Contributor
Try having a look at:
http://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/projects/repository/source/jav...

I don't know more about the systems so maybe you should look into the code itself.
Or maybe you'll need to write your own class imitating those but for SHA-1