Algorithm used for token generation

security
tokens

(Christian Miszczak) #1

Must-share information:

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube 6.7 LTS (6.7.4)

  • what are you trying to achieve

  • what have you tried so far to achieve this

It is a sample question I had from our security group:
They are asking me what kind of algorithm is being used for generating a token.

I tried to grep that information from your site but cannot find anything.

Thanks,
Christian Miszczak.


(Colin Mueller) #2

Christian,

Digging into the 6.7.4 source code it looks like the token is generated using a SecureRandom and then hashed with SHA-384 for storage in the database.

Colin
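
The scheme described in the reply above (random token from `SecureRandom`, only a SHA-384 digest stored), as an added example that is not part of the thread and is not SonarQube's own code. The class name, the 20-byte token length, the hex encoding and the in-memory set standing in for the database are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class TokenStoreExample {
    private static final SecureRandom RNG = new SecureRandom();
    // Constructed stand-in for the database: holds SHA-384 digests only.
    private final Set<String> storedHashes = new HashSet<>();

    // Assumption: 20 random bytes, hex-encoded (length and encoding are not given in the thread).
    static String generateToken() {
        byte[] raw = new byte[20];
        RNG.nextBytes(raw);
        return toHex(raw);
    }

    static String sha384Hex(String token) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-384");
            return toHex(md.digest(token.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-384 provider missing", e);
        }
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // The plaintext is returned to the caller once; only its digest is kept.
    String issue() {
        String token = generateToken();
        storedHashes.add(sha384Hex(token));
        return token;
    }

    boolean verify(String presented) {
        return storedHashes.contains(sha384Hex(presented));
    }

    public static void main(String[] args) {
        TokenStoreExample store = new TokenStoreExample();
        String token = store.issue();
        System.out.println("issued token accepted: " + store.verify(token));
        System.out.println("other token accepted:  " + store.verify(generateToken()));
    }
}
```

An unsalted, fast hash is adequate here only because the input is a high-entropy random value rather than a user-chosen secret. With this layout a copy of the stored digests does not yield usable tokens.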