Accenture Solutions Pvt.Ltd
Posted: September 9, 2019
Last activity: September 11, 2019
Closed
Hash algorithm upgrade in Pega 6.2 SP2
Hi Team,
Currently our application is on Pega 6.2 SP2 version and there is no pr-config setup for Hash algorithm validation.
From a security perspective, our client is planning to upgrade to either one of the below hash algorithms:
1. MD5
2. SHA-1
3. SHA-2
Can anyone please suggest the approach for this, or any relevant article to refer to?
In the 7.2.2 release, we made bcrypt - the current 'gold standard' in one-way hash algorithms - the default. This was released in December 2016.
https://community.pega.com/knowledgebase/using-bcrypt-hashing-algorithm-password-property-types
In 7.1.7, we made SHA-256 and SHA-512 available:
https://community.pega.com/knowledgebase/release-note/password-hashing-using-sha-256sha-512
You should consider upgrading the application to take advantage of these and other security features and updates in the most recent versions. The current version is 8.3.