Apache.org JIRA compromise
Gervase Markham
gerv at mozilla.org
Wed Apr 14 10:18:35 UTC 2010
We rock:
https://blogs.apache.org/infra/entry/apache_org_04_09_2010
"JIRA and Confluence both use a SHA-512 hash, but without a random salt.
We believe the risk to simple passwords based on dictionary words is
quite high, and most users should rotate their passwords.
Bugzilla uses a SHA-256, including a random salt. The risk for most
users is low to moderate, since pre-built password dictionaries are not
effective, but we recommend users should still remove these passwords
from use."
Gerv
_______________________________________________
dev-apps-bugzilla mailing list
dev-apps-bugzilla at lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-apps-bugzilla
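
The difference the quoted advisory describes, as an added example that is not part of the original message and is not JIRA, Confluence or Bugzilla code: a password-store audit comparing one pre-built table against unsalted hashes with the per-account work a random salt forces. The word list, accounts, 16-byte salt and salt-then-password layout are assumptions made for illustration.

```python
import hashlib
import os

# Constructed sample data: a short word list standing in for a pre-built
# password dictionary, and three accounts, two of which share a weak password.
WORDLIST = ["password", "letmein", "dragon", "sunshine"]
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "x9!Lq-vT2#rm"}


def unsalted(password):
    """SHA-512 of the password alone (no salt)."""
    return hashlib.sha512(password.encode()).hexdigest()


def salted(password, salt):
    """SHA-256 over salt || password. This layout is an assumption."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def audit_unsalted(store):
    """One table, built once in advance, is checked against every account."""
    table = {unsalted(w): w for w in WORDLIST}
    hits = {user: table[h] for user, h in store.items() if h in table}
    return hits, len(table)  # hashes computed do not grow with user count


def audit_salted(store):
    """Each record has its own salt, so words are re-hashed per account."""
    hits, work = {}, 0
    for user, (salt, digest) in store.items():
        for word in WORDLIST:
            work += 1
            if salted(word, salt) == digest:
                hits[user] = word
                break
    return hits, work


# Build both kinds of store from the same constructed accounts.
unsalted_store = {u: unsalted(p) for u, p in ACCOUNTS.items()}
salted_store = {}
for u, p in ACCOUNTS.items():
    salt = os.urandom(16)
    salted_store[u] = (salt, salted(p, salt))

if __name__ == "__main__":
    print("unsalted:", audit_unsalted(unsalted_store))
    print("salted:  ", audit_salted(salted_store))
```

Both audits flag the same two dictionary-word accounts, which is why rotation is still advised in the salted case; the salt only removes the shortcut of a single reusable table and of identical hashes for identical passwords.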