Skip to content

Update password hash algorithm to SHA256 #6638

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Update password hash algorithm to SHA256 #6638

wants to merge 1 commit into from

Conversation

bdukes
Copy link
Contributor

@bdukes bdukes commented Jul 29, 2025

This PR updates the default hash algorithm to SHA256. It does not add any logic for migrating users from SHA1 hashes, it only affects new installations.

I have tested that password history works as expected.

Fixes #6614

@bdukes bdukes requested review from mitchelsellers and a team July 29, 2025 21:32
mitchelsellers
mitchelsellers approved these changes Jul 31, 2025
View reviewed changes
Copy link
Contributor

@mitchelsellers mitchelsellers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is a good change. So long as others are ok with this @valadas I think we just need to find out how to document/note this in the release notes? Or maybe it goes in dnndocs?

@valadas
Copy link
Contributor

valadas commented Aug 2, 2025

What we discussed is that would be for new installs only. But we would document how to migrate to it for upgrades. We need to test the process but if I remember correctly you just have run an sql script to force password reset upon next login.

@r90727
Copy link

r90727 commented Aug 2, 2025

@valadas ok, deleted my comment as I didn't notice the "new installs only" remark. And yes, password reset is the only way foward for existing users.

@valadas
Copy link
Contributor

valadas commented Aug 2, 2025

@r90727 you got me scratching my head a bit there, I was replying to a ghost lol...

@mitchelsellers
Copy link
Contributor

@valadas I thought we had targeted included this one in the RC, did I mis-remember?

valadas added a commit to valadas/DNNDocs that referenced this pull request Aug 24, 2025
@valadas
Added documentation for Membership Providers configuration
cb683a9 
Added documentation for Membership Providers configuration
This will be useful to link to from the release notes of the next DNN version considering this PR dnnsoftware/Dnn.Platform#6638
@valadas valadas mentioned this pull request Aug 24, 2025
Open
@valadas valadas added this to the 10.1.1 milestone Aug 24, 2025
@valadas
Copy link
Contributor

valadas commented Aug 24, 2025

Ok, what do you guys think of this documentation here DNNCommunity/DNNDocs#766
I approved this PR and I think since it only affects new installs, we should do it in the next minor, agreed?

@bdukes
Copy link
Contributor Author

bdukes commented Aug 25, 2025

Yes, this should be in 10.2.0

@bdukes bdukes modified the milestones: 10.1.1, 10.2.0 Aug 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mitchelsellers mitchelsellers mitchelsellers approved these changes

@valadas valadas valadas approved these changes

Assignees
No one assigned
Labels
Noteworthy Type: Enhancement
Projects
None yet
Milestone
10.2.0
Development

Successfully merging this pull request may close these issues.

[Enhancement]: Change password hash from SHA1 to SHA256
4 participants
@bdukes @valadas @r90727 @mitchelsellers