Description

The Digizuite™ DAM Center stores user passwords using a FIPS- and NIST-compliant password hashing algorithm by default.
The underlying key derivation function introduces "workfactor" and "pepper" variables.
Out of the box, these variables may be specified in the web.config of the Dmm3BWSV3 service.

...

Note:
Specifying a high workfactor and/or pepper does not invalidate general best practices regarding password length and complexity!

Configuration

By default, you can specify password hashing configuration in the Dmm3BWSV3 web.config file.
You do not have to set up this configuration; if it is omitted, the above values are used as defaults. However, if you specify this section, the "workfactor" attribute is required; the "pepper" attribute is not.

This example shows how to set up a system using a workfactor of 80000 and a custom 32-byte pepper (for example readability):

<configuration>
  <configSections>
    <section name="passwordHashing" type="Digieyez.Digizuite.DigiZuiteLogic.PasswordHandling.Configuration.PasswordHashingSection" />
  </configSections>
  <connectionStrings />
  <passwordHashing workfactor="80000" pepper="hOHdlAaF3xZA4uON5hMuNiBeV5kfudE1w1szOLJ/Mjk=" />
</configuration>
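
The configuration rules above can be checked before deployment. The following is an added example, not Digizuite code: it audits a web.config against those rules and generates a fresh pepper. The function names, the 32-byte minimum and the assumption that the pepper is base64-encoded (as the 44-character sample suggests) are this example's own.

```python
import base64
import secrets
import xml.etree.ElementTree as ET

# Pepper printed in the documentation example; it is public, so never deploy it.
DOC_SAMPLE_PEPPER = "hOHdlAaF3xZA4uON5hMuNiBeV5kfudE1w1szOLJ/Mjk="

# Constructed input: the page's example section with the published pepper.
SAMPLE_CONFIG = f"""<configuration>
  <configSections>
    <section name="passwordHashing" type="Digieyez.Digizuite.DigiZuiteLogic.PasswordHandling.Configuration.PasswordHashingSection" />
  </configSections>
  <passwordHashing workfactor="80000" pepper="{DOC_SAMPLE_PEPPER}" />
</configuration>"""

def new_pepper(num_bytes=32):
    """Return a fresh random pepper, base64-encoded (assumed encoding)."""
    return base64.b64encode(secrets.token_bytes(num_bytes)).decode("ascii")

def audit_password_hashing(config_xml, min_pepper_bytes=32):
    """Return a list of findings for the <passwordHashing> section."""
    root = ET.fromstring(config_xml)
    section = root.find("passwordHashing")
    if section is None:
        return []  # section is optional; the documented defaults apply
    findings = []
    if not any(s.get("name") == "passwordHashing"
               for s in root.findall("configSections/section")):
        findings.append("passwordHashing is not declared in <configSections>")
    workfactor = section.get("workfactor")
    if workfactor is None:
        findings.append("workfactor is required when the section is present")
    elif not workfactor.isdecimal() or int(workfactor) <= 0:
        findings.append("workfactor must be a positive integer")
    pepper = section.get("pepper")
    if pepper is None:
        return findings  # pepper is optional
    if pepper == DOC_SAMPLE_PEPPER:
        findings.append("pepper is the published documentation sample")
    try:
        raw = base64.b64decode(pepper, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        findings.append("pepper is not valid base64")
    else:
        if len(raw) < min_pepper_bytes:  # assumed minimum, not a product limit
            findings.append(f"pepper decodes to {len(raw)} bytes, expected at least {min_pepper_bytes}")
    return findings

if __name__ == "__main__":
    print(audit_password_hashing(SAMPLE_CONFIG), new_pepper())
```

The page's own example is flagged only because its pepper is published; replacing it with the output of `new_pepper()` produces a clean audit.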

...


The children of this page describe the actions required to configure the password hashing functionality. Use any of the links on the right side of this page to access them.
