Hash algorithm in Mendix Business Modeler

7
I have a few questions about hash algorithms that I can use in the Mendix Business Modeler. Which hash algorithm is the best? Or is there no 'best' algorithm? In Mendix Business Modeler 2.4.3 I can select a new algorithm: SSHA256. What's the difference with SHA256? What will happen to my already stored passwords when I change the hash algorithm?
asked
1 answer
8

The SSHA256 introduced in version 2.4.3 is the most secure algorithm available in the Modeler.

The difference with SHA256 is that SSHA256 makes dictionary attacks a lot harder. You can no longer hash a common password like "secret" and check whether a user in the system has this password by looping through the stored password hashes. Each stored password is combined with so-called 'salt' to make the hashing different. For more information, see Wikipedia.

Your already stored passwords will keep working when you change the hash algorithm. Note: this is new behavior since 2.4.3! Old passwords will still be hashed with the old hash algorithm until the user changes his/her password.

answered
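
The salting and migration behaviour described in the answer above, as an added example that is not part of the original answer and is not Mendix's code. The `{SCHEME}base64` storage format, the 16-byte salt, and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SALT_LEN = 16  # assumed salt size for this example


def hash_sha256(password):
    """Unsalted: the same password always yields the same stored value."""
    digest = hashlib.sha256(password.encode()).digest()
    return "{SHA256}" + base64.b64encode(digest).decode()


def hash_ssha256(password):
    """Salted: a fresh random salt is mixed in and stored next to the digest."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.sha256(password.encode() + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode()


def verify(password, stored):
    """Check a login against whichever scheme the stored value was created with."""
    scheme, _, blob = stored[1:].partition("}")
    raw = base64.b64decode(blob)
    if scheme == "SHA256":
        expected = hashlib.sha256(password.encode()).digest()
        return hmac.compare_digest(raw, expected)
    if scheme == "SSHA256":
        digest, salt = raw[:32], raw[32:]  # SHA-256 digests are 32 bytes
        expected = hashlib.sha256(password.encode() + salt).digest()
        return hmac.compare_digest(digest, expected)
    return False


def demo():
    # Constructed accounts: alice and bob were stored before the switch to SSHA256.
    db = {"alice": hash_sha256("secret"), "bob": hash_sha256("secret")}
    same_before = db["alice"] == db["bob"]   # unsalted: identical stored values
    db["alice"] = hash_ssha256("secret")     # alice changes her password: re-hashed with salt
    db["carol"] = hash_ssha256("secret")     # new account after the switch
    same_after = db["alice"] == db["carol"]  # salted: same password, different values
    logins_ok = all(verify("secret", h) for h in db.values())  # old and new both verify
    return same_before, same_after, logins_ok, db
```

In `demo()`, bob never changes his password, so his record stays in the old `{SHA256}` form and still verifies, which matches the behaviour the answer describes for 2.4.3.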