EugeneR7 Member since 2013 30 posts
Deutsche Bank
Posted: May 10, 2018
Last activity: May 18, 2018
Closed

password hashing post upgrade from 7.1.x to 7.3.x

While we were on Pega 7.1.8, we needed to enable stronger password hashing, and so, following the guidelines defined in the articles below, we were able to enable SHA-256 (with the DSS settings below).

DSS Settings

  • prconfig/crypto/updatehash => true
  • prconfig/crypto/onewayhashalgorithm/default => SHA-512

Since then, we have upgraded to Pega 7.3.1, which (as of 7.2.2) uses bcrypt as the default hash algorithm. My questions to the support community are:

  • Do we need to keep the same DSS (updated to bcrypt), or should the system use bcrypt by default if they are removed?
  • Does the logic behind updatehash default to true if this DSS is removed? Would there be an issue with operators having older passwords logging in?

Thanks,

***Edited by Moderator Marissa to update SR Details***
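The behaviour the updatehash setting describes, accepting a login against the old hash and then transparently rewriting the stored credential with the new algorithm, sketched in Python. This is added example code, not Pega's implementation: the storage formats, user name and passwords are constructed, and PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt so the example runs offline.

```python
import hashlib
import hmac
import os

# Constructed storage formats for this example (not Pega's real on-disk format):
#   legacy entry: "SHA-512$<hex salt>$<hex digest>"
#   new entry:    "PBKDF2$<iterations>$<hex salt>$<hex digest>"
# PBKDF2-HMAC-SHA256 stands in for bcrypt so the example needs only the stdlib.
LEGACY_SCHEME = "SHA-512"
NEW_SCHEME = "PBKDF2"
PBKDF2_ITERATIONS = 100_000

def hash_legacy(password, salt=None):
    """Salted SHA-512, the scheme the 7.1.x DSS above selected."""
    salt = salt or os.urandom(16)
    digest = hashlib.sha512(salt + password.encode()).hexdigest()
    return f"{LEGACY_SCHEME}${salt.hex()}${digest}"

def hash_new(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Slow, salted KDF standing in for the bcrypt default of 7.2.2+."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{NEW_SCHEME}${iterations}${salt.hex()}${digest.hex()}"

def verify(password, stored):
    """Check a password against either scheme with a constant-time compare."""
    scheme, *fields = stored.split("$")
    if scheme == LEGACY_SCHEME:
        salt_hex, digest = fields
        expected = hashlib.sha512(bytes.fromhex(salt_hex) + password.encode()).hexdigest()
    elif scheme == NEW_SCHEME:
        iters, salt_hex, digest = fields
        expected = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)).hex()
    else:
        return False  # unknown scheme: never accept
    return hmac.compare_digest(expected, digest)

def login(store, user, password, update_hash=True):
    """Authenticate; with update_hash, rewrite a legacy entry using the new scheme.
    Rehashing is possible only right after a successful verify, when the plaintext
    is in hand; a failed login leaves the stored entry untouched."""
    stored = store.get(user)
    if stored is None or not verify(password, stored):
        return False
    if update_hash and not stored.startswith(NEW_SCHEME + "$"):
        store[user] = hash_new(password)
    return True
```

With update_hash disabled, legacy entries keep verifying but are never upgraded, which is why the setting matters for operators who have not logged in since the upgrade.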
