Eugene Roytfeld (EugeneR7)
Deutsche Bank
Vice President
EugeneR7 Member since 2013 30 posts
Posted: May 10, 2018
Last activity: May 18, 2018
Posted: 10 May 2018 10:51 EDT
Last activity: 18 May 2018 14:42 EDT

password hashing post upgrade from 7.1.x to 7.3.x

While we were on Pega 7.1.8, we needed to enable stronger password hashing, and so, following the guidelines defined in the articles below, we were able to enable SHA-256 (with DSS settings below).

DSS Settings

  • prconfig/crypto/updatehash => true
  • prconfig/crypto/onewayhashalgorithm/default => SHA-512

Since then, we have upgraded to Pega 7.3.1, which (as of 7.2.2) uses bcrypt as a default hash algorithm. My questions to the support community are:

  • Do we need to keep the same DSS (updated to bcrypt), or should the system use bcrypt by default if they are removed?
  • Is the logic behind updatehash defaulted to true if this DSS is removed? Would there be an issue with operators having older passwords logging in?


***Edited by Moderator Marissa to update SR Details***

Security System Administration Upgrades Support Case Exists
Moderation Team has archived post. This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.