Bcrypt support for passwords

Security is a fundamental topic for today’s business solution systems. At 4D, we understand its importance; that’s why we keep delivering features that tackle this topic.

And with 4D v19 R3, 4D now uses a stronger hashing algorithm for user passwords. Let’s find out more!

Say hello to the bcrypt algorithm

Simply put, all passwords are now hashed with the bcrypt algorithm instead of the legacy one based on MD5. 4D already allowed you to use bcrypt for web login, as described in this blog post. That’s why we decided to use the same algorithm for 4D authentication. The goal is to improve your directory file security. A brute force computing on a strong password hashed with bcrypt takes tens of years to succeed!

How to implement it?

You don’t need to touch any setting or any line of code. When the password is changed in the toolbox or using the CHANGE PASSWORD or Set user properties commands, its bcrypt hash is stored instead of the former hash. And during authentication, 4D automatically recognizes if the password is stored with legacy or bcrypt hash so that users continue to connect without changing their passwords! So to take advantage of this new algorithm and improve the security, you just have to tell your users to change their passwords.

Important: Keep in mind that if you modify passwords with 4D v19R3 or later, coming back to previous versions will cause authentication denials. Be careful, especially with Designer and Administrator password modification. So don’t forget to backup (the 4DB file for binary databases or the directory.json file for projects) before moving to the new version!

Finally, remember that to improve security, you need to watch for data leaks and use unique and strong passwords.

• Product Owner •Damien Fuzeau has joined the 4D Product team in February 2019. As a Product Owner, he is in charge of writing user stories, then translating them to functional specifications. His job also entails making sure that the feature implementations delivered are meeting the customer needs.Damien is graduated from the University of Nantes in software engineering. He spent more than 23 years in its former company, first as developer (discovering 4D in 1997), and later as engineering manager and software architect. This company is a 4D OEM partner and deployed 4D based business softwares for thousands users, on hundreds servers. So, Damien is used to 4D development and deployment in a multi-language context.