High CPU and memory use with stacktraces associated to password encryption
How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!
While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.
Legacy Article
You are viewing an article from our legacy "FastTrack"
publication program, made available for informational purposes. Articles
in this program were published without a requirement for independent
editing or verification and are provided"as is" without
guarantee.
Before using any information from this article, independently verify its
suitability for your situation and project.
Environment
- Liferay DXP 7.4
- Liferay Quarterly Release
Resolution
- This issue can occur if there are users trying to login whose password algorithm is a legacy one but the portal property
passwords.encryption.algorithm.legacy is not informed.
- The portal property
passwords.encryption.algorithm defines the current password encryption algorithm and has the default value passwords.encryption.algorithm=PBKDF2WithHmacSHA1/160/1300000, although some other options are available.
- Nevertheless, some users might still have their password encrypted with one of the legacy encryption algorithms, indicated via the portal property
passwords.encryption.algorithm.legacy, whose default value is SHA.
- If the property
passwords.encryption.algorithm.legacy is not informed, the current password algorithm will be used instead, producing the issue.
- To ensure that old users using legacy encryption algorithms can login correctly and to avoid CPU and memory overuse, add the property
passwords.encryption.algorithm.legacy to the file portal-ext.properties with the correct value (most likely, SHA).
- Consider also defining a Password Policy that requires users to change their password regularly since changed passwords will be encrypted with the new algorithm.
- Note: this bug prevented the new algorithm from being used before 7.4 u54.
Did this article resolve your issue ?