Default password encryption in Umbraco 7 and overriding it
What is the default password encryption in Umbraco 7? Is there possibility to override it? For example if U7 uses SHA1, which is not safe, how can I migrate to SHA256?
take a look at the page https://umbraco.com/security. You should (after install) set "legacyEncoding" to "false" in your web.config and after that the passwords are hashed HMAC-SHA256 and a 128bit-salt.
After switching to new hash algorithm now I cannot log in to backoffice locally. Seems that courier users are not created in umbraco. Is there workaround to avoid this issue?
Default password encryption in Umbraco 7 and overriding it
What is the default password encryption in Umbraco 7? Is there possibility to override it? For example if U7 uses SHA1, which is not safe, how can I migrate to SHA256?
Hi Aman,
take a look at the page https://umbraco.com/security. You should (after install) set "legacyEncoding" to "false" in your web.config and after that the passwords are hashed HMAC-SHA256 and a 128bit-salt.
Regards, Jeffrey
Thank you!
After switching to new hash algorithm now I cannot log in to backoffice locally. Seems that courier users are not created in umbraco. Is there workaround to avoid this issue?
Changes I have implemented:
is working on a reply...