I have been going through the password storage mechnasism in OpenEMR and found that we are using SHA-1 on the password with no salt, is this not a bit of a security risk ?
should we not at least be using SHA1($username.$password)
or even better yet should we not use SHA-256 ?
I know this seems like a drastic move, but the mechanisms are already built to move form MD5 to SHA-1, so shouldn’t be a problem to move to SHA-256, we are dealing with VERY sensitive data and security should be a top priority.
I’m open to whatever is considered the “standard of care” here. One new issue (since the MD5 to SHA-1 mechanism was placed) that Z&H may want to weigh in on is if this may effect their portal SOAP functions that were added to OpenEMR for version 4.1 (I don’t think it will, because as I recall I think the user password for the portal is stored somewhere else).
Hi,
If it will improve security, then it sounds like a good plan. Can a Meaningful Use weigh in here to ensure this format is covered under the security guidelines?
thanks,
-brady
That is the only reference to using SHA-1, the user authentication tests don’t appear to reference any specific model, expect to say to follow the general rules for complience with FIPS-140-2
From a security standpoint, SHA1 vs. SHA256 shouldn’t matter at this point, SHA1 is still pretty strong.
The lack of salt in the hashes is the greater concern as someone with access to the database might be able to determine users’ clear text passwords through the use of rainbow tables or a similar type of attack.