Dear EspoCRM Team,
In accordance with ISO/IEC 27001, NIS2, and modern cybersecurity best practices, encryption is a fundamental pillar of data security. ̶T̶h̶e̶ ̶c̶u̶r̶r̶e̶n̶t̶l̶y̶ ̶i̶m̶p̶l̶e̶m̶e̶n̶t̶e̶d̶ ̶M̶D̶5̶ ̶h̶a̶s̶h̶i̶n̶g̶ ̶f̶u̶n̶c̶t̶i̶o̶n̶ ̶i̶n̶ ̶E̶s̶p̶o̶C̶R̶M̶ ̶i̶s̶ ̶w̶i̶d̶e̶l̶y̶ ̶c̶o̶n̶s̶i̶d̶e̶r̶e̶d̶ ̶o̶u̶t̶d̶a̶t̶e̶d̶ ̶a̶n̶d̶ ̶i̶n̶s̶e̶c̶u̶r̶e̶.̶ As such, I strongly recommend replacing it with more robust algorithms to align with contemporary standards.
For password hashing, bcrypt is the industry standard due to its computational cost and built-in salting mechanism, which greatly enhances resistance to brute force and rainbow table attacks. Ideally, bcrypt should be used in conjunction with SHA-512 for hashing, ensuring maximum security.
This change would significantly strengthen EspoCRM's security posture and demonstrate a commitment to safeguarding user data in line with modern practices.
Thank you for your attention to this important matter. I look forward to your updates.
Best regards,
Tomas
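The post above recommends bcrypt, ideally combined with SHA-512. The following is an added illustration of that scheme in PHP (EspoCRM's language); it is not EspoCRM's own code and does not reflect how the project actually stores credentials. It goes one step beyond the post: besides hashing new passwords with a SHA-512 pre-hash fed into bcrypt, it shows a verify path that transparently re-hashes a legacy entry on the user's next successful login. The `PasswordHasher` class, the cost factor of 12 and the `md5:` legacy prefix are assumptions made for the example; PHP 8 is assumed for `str_starts_with` and the bcrypt NUL-byte check.

```php
<?php
declare(strict_types=1);

// Added example, not EspoCRM code. Class name, cost factor and the "md5:" legacy
// prefix are assumptions for illustration only.

final class PasswordHasher
{
    // bcrypt work factor. Roughly a few hundred milliseconds per hash on current
    // server hardware; raise it over time as CPUs get faster.
    private const BCRYPT_COST = 12;

    /**
     * bcrypt only looks at the first 72 bytes of its input, so a SHA-512 pre-hash
     * lets long passphrases contribute all of their entropy. The raw digest is
     * base64-encoded because bcrypt treats its input as a C string: a raw digest
     * containing a NUL byte would be silently truncated (PHP 8 rejects it outright).
     * base64(64 bytes) is 88 characters; bcrypt keeps the first 72, i.e. 54 bytes
     * (432 bits) of the digest, which is still far more than any password provides.
     */
    private static function preHash(string $password): string
    {
        return base64_encode(hash('sha512', $password, true));
    }

    /** Hash a new or changed password. password_hash() generates the salt itself. */
    public static function hash(string $password): string
    {
        return password_hash(self::preHash($password), PASSWORD_BCRYPT, ['cost' => self::BCRYPT_COST]);
    }

    /**
     * Returns [verified, upgradedHashOrNull]. When the second element is non-null the
     * caller must persist it: this migrates legacy MD5 entries and re-costs old bcrypt
     * entries at the only moment the cleartext is available, i.e. a successful login.
     */
    public static function verifyAndUpgrade(string $password, string $stored): array
    {
        // Assumed legacy format: "md5:" followed by an unsalted hex digest.
        if (str_starts_with($stored, 'md5:')) {
            $ok = hash_equals(substr($stored, 4), md5($password)); // constant-time compare
            return [$ok, $ok ? self::hash($password) : null];
        }

        if (!password_verify(self::preHash($password), $stored)) {
            return [false, null];
        }

        // Already bcrypt: re-hash only if it was produced with a lower cost than we want now.
        $needsRehash = password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => self::BCRYPT_COST]);
        return [true, $needsRehash ? self::hash($password) : null];
    }
}

// Usage with constructed values.
$secret = 'correct horse battery staple';
$legacy = 'md5:' . md5($secret);

[$ok, $upgraded] = PasswordHasher::verifyAndUpgrade($secret, $legacy);
assert($ok && $upgraded !== null && str_starts_with($upgraded, '$2y$12$'));

[$ok2, $again] = PasswordHasher::verifyAndUpgrade($secret, $upgraded);
assert($ok2 && $again === null); // already bcrypt at the current cost, nothing to store

[$bad, $none] = PasswordHasher::verifyAndUpgrade('wrong password', $upgraded);
assert(!$bad && $none === null);

echo "ok\n";
```

The verify path deliberately never compares a legacy hash without immediately replacing it, so a database full of old entries converges to bcrypt as users log in; accounts that never log in again can be forced through a password reset instead. Note that `password_needs_rehash()` also makes a later cost increase a one-line change.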