Hashing algorithm for FastStats systems

Following the deprecation of the SHA-1 hash function, it is no longer recommended for use with digital signatures. For this reason, we recommended that all FastStats systems move away from SHA-1 to at least SHA-256 as soon as possible.

If your FastStats system is still set to SHA-1 Security Hash Method, then follow the steps below to upgrade the system to your preferred hash method.

Changing hash method for FastStats

To change the hash method for FastStats:

  1. Ask all users to log out.

  2. Open the FastStats Web Service Configurator.

  3. Click System, then Security.

  4. Set Hash method to desired level (SHA-256 minimum).

    You must then reset all users passwords.

  5. Open the FastStats Configurator.

  6. Click File, then Generate Password Hash.

  7. Enter password in the Password box, select the new hashing method used in the previous step and click Generate (if using password salt then check the Generate salt box).

    The Hash box populates with the hashed version of password.

  8. You must now update the Users table in the Control Database (WS DB) to change all user’s passwords and set a flag to force them to change their password on next login.

    To do this, use the following SQL script:

    Copy 
    USE TealHols
    UPDATE dbo.Users
    SET [Password] = 'daa0ae2248187da55ce3b006831cd0e76d22a03f84dc09a3497a58f2d02f8d1f' --generated hashed password
    , PasswordManuallyExpired = 1

  9. Users can now log back into FastStats using the password.

    They are prompted to change their password before they can continue into the system.

You have now updated the hash function on your FastStats system.

Changing hash method for Orbit

If the system also has Orbit running, then it may be necessary to update the hash method in the Orbit API Configurator.

To change the hash method in Orbit:

  1. Open the FastStats Orbit Update Configurator.

  2. In the API section, click Open API Configurator.

  3. In General > FS Config database, if the Connection string has a valid FS_ Config connection string then the changes made previously in the FastStats Configurator automatically appear.

  4. If not populated, then you must to go to the DataView tab > Session service and change the Hashing algorithm to match the method set in the FastStats Configurator Web Service.

  5. Save and Close the Orbit API Configurator.

You have now updated the hash function on your Orbit system.