Question

Hash algorithm upgrade in Pega 6.2 SP2

Hi Team,

Currently our application is on Pega 6.2 SP2, and there is no pr-config setup for hash algorithm validation.

From a security perspective, our client is planning to upgrade to one of the hash algorithms below:

1. MD5

2. SHA-1

3. SHA-2

Can anyone please suggest an approach for this, or any relevant article to refer to?

Comments

September 11, 2019 - 2:07pm

In the 7.2.2 release, we made bcrypt - the current 'gold standard' in one-way hash algorithms - the default. This was released December 2016.

https://community.pega.com/knowledgebase/using-bcrypt-hashing-algorithm-password-property-types

In 7.1.7, we made SHA-256 and SHA-512 available:

https://community.pega.com/knowledgebase/release-note/password-hashing-using-sha-256sha-512

You should consider upgrading the application to take advantage of these and other security features and updates in the most recent versions.  The current version is 8.3.