
Collabim security policy

A short overview of our security policy: how passwords are stored and how our servers are run

Storing passwords

Your passwords are stored using a slow hash function called bcrypt. Before hashing, the password is "salted": we use two salts. The first is per user (stored with the user data); the second is static and exists only in the source code.

Passwords have been stored in this format since 3.5.2018. Existing passwords were migrated to this new storage scheme.

Exactly:

stored password = bcrypt(base64_encode(sha1(individual salt + password + static salt)))

Until 3.5.2018, passwords were stored as:

stored password = sha1(individual salt + password + static salt)
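To make the two formulas above concrete, the following is an added Python example (not Collabim's code). It implements the current scheme, the pre-3.5.2018 scheme, verification, and the migration step that wraps an old sha1 hash into the new format without needing the plaintext password. Assumptions: the static salt is a placeholder value; sha1() yields a hex digest (as PHP's sha1() does, which the base64_encode name suggests); and because the Python standard library ships no bcrypt, PBKDF2-HMAC-SHA256 stands in for bcrypt here, with its salt stored explicitly where bcrypt would embed its own.

```python
import base64
import hashlib
import hmac
import os

# Constructed placeholder: the page says the static salt lives only in the
# application's source code; the real value is not on the page.
STATIC_SALT = b"placeholder-static-salt"

# Stand-in for bcrypt (assumption): PBKDF2-HMAC-SHA256 plays the slow-hash
# role. The wrapping and migration logic does not depend on which slow hash
# is used, only on the fact that it is applied to base64(sha1(...)).
SLOW_HASH_ROUNDS = 50_000


def legacy_hash(individual_salt: bytes, password: str) -> str:
    """Pre-3.5.2018 scheme: sha1(individual salt + password + static salt), hex digest."""
    return hashlib.sha1(individual_salt + password.encode() + STATIC_SALT).hexdigest()


def pre_hash(individual_salt: bytes, password: str) -> bytes:
    """base64_encode(sha1(...)): the value handed to the slow hash.

    The result is printable ASCII (56 bytes for a hex sha1), so it stays under
    bcrypt's 72-byte input limit and contains no NUL byte that bcrypt would
    truncate at, which is why the base64 step is there.
    """
    return base64.b64encode(legacy_hash(individual_salt, password).encode())


def slow_hash(data: bytes, salt: bytes) -> bytes:
    """Placeholder for bcrypt; see the SLOW_HASH_ROUNDS comment."""
    return hashlib.pbkdf2_hmac("sha256", data, salt, SLOW_HASH_ROUNDS)


def store_password(password: str) -> dict:
    """Build a new-style record for a freshly set password."""
    individual_salt = os.urandom(16)
    slow_salt = os.urandom(16)  # bcrypt would generate and embed this itself
    digest = slow_hash(pre_hash(individual_salt, password), slow_salt)
    return {"individual_salt": individual_salt, "slow_salt": slow_salt, "digest": digest}


def legacy_record(password: str) -> dict:
    """What a pre-3.5.2018 row looked like: per-user salt plus the plain sha1 hex."""
    individual_salt = os.urandom(16)
    return {"individual_salt": individual_salt, "sha1": legacy_hash(individual_salt, password)}


def migrate_legacy(record: dict) -> dict:
    """Wrap an old sha1 hash into the new scheme without knowing the password.

    The slow hash is applied to base64(sha1 hex), which is exactly what
    pre_hash() produces from the plaintext, so verify() works afterwards.
    """
    slow_salt = os.urandom(16)
    wrapped = base64.b64encode(record["sha1"].encode())
    digest = slow_hash(wrapped, slow_salt)
    return {"individual_salt": record["individual_salt"], "slow_salt": slow_salt, "digest": digest}


def verify(record: dict, candidate: str) -> bool:
    """Recompute the digest from the candidate and compare in constant time."""
    expected = slow_hash(pre_hash(record["individual_salt"], candidate), record["slow_salt"])
    return hmac.compare_digest(expected, record["digest"])


if __name__ == "__main__":
    rec = store_password("example-password")
    print("new record verifies:", verify(rec, "example-password"))
    old = legacy_record("old-user-password")
    migrated = migrate_legacy(old)
    print("migrated legacy record verifies:", verify(migrated, "old-user-password"))
    print("wrong password rejected:", not verify(migrated, "nope"))
```

The design point worth noticing is that the new formula is the old one wrapped in a slow hash, so the whole user table can be migrated in one batch job as soon as the scheme is deployed, rather than lazily at each user's next login; the old sha1 column can then be deleted, since a stored bcrypt of base64(sha1) is not reversible to the sha1 value.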

A security rating

Thanks to our security policy, we have an A rating.

Our servers and the access to them

Our servers are hosted in Amazon (AWS) datacentres in Ireland and Frankfurt. Communication between servers goes over the VPC only, i.e. over private IP addresses with no direct connection to the internet. The exceptions are the few servers dedicated to the front-end application; those are reachable on port 80 (HTTP, used for redirection only) and port 443 (HTTPS).

Our developers access the servers only over a private, encrypted VPN, and then over SSH.

The passwords for important services (those handling private and sensitive data) are changed at regular intervals.
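The network rules described above (front-end hosts expose only 80 and 443 to the internet, everything else stays VPC-private, and SSH is reachable only through the VPN) are easy to state and easy to drift away from. The following is an added Python example, not Collabim's tooling, that audits a constructed inventory of firewall rules against that policy. The CIDRs, host names, and the idea that the VPN hands out addresses from one range are assumptions made for the example; the rule tuples include deliberate violations so the output shows what a finding looks like.

```python
import ipaddress

# Assumed address plan for the example (placeholders, not Collabim's).
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
VPN_CIDR = ipaddress.ip_network("10.0.250.0/24")  # assumption: VPN client range
INTERNET = ipaddress.ip_network("0.0.0.0/0")

# The page: front-end servers are reachable on 80 (redirect only) and 443.
FRONTEND_PUBLIC_PORTS = {80, 443}

# Constructed sample rules as (host, role, port, source CIDR), with three
# deliberate policy violations marked below.
SAMPLE_RULES = [
    ("web-1", "frontend", 80, "0.0.0.0/0"),
    ("web-1", "frontend", 443, "0.0.0.0/0"),
    ("web-1", "frontend", 22, "10.0.250.0/24"),
    ("web-2", "frontend", 8080, "0.0.0.0/0"),     # violation: extra public port
    ("db-1", "internal", 5432, "10.0.0.0/16"),
    ("db-1", "internal", 22, "0.0.0.0/0"),        # violation: SSH from the internet
    ("worker-1", "internal", 22, "10.0.1.0/24"),  # violation: SSH not via the VPN
]


def audit(rules):
    """Return a list of human-readable findings for rules that break the policy."""
    findings = []
    for host, role, port, src in rules:
        source = ipaddress.ip_network(src)
        # Anything not inside the VPC counts as internet-exposed.
        public = source == INTERNET or not source.subnet_of(VPC_CIDR)
        if port == 22 and not source.subnet_of(VPN_CIDR):
            findings.append(f"{host}: SSH reachable from {src}, expected only from the VPN range")
        elif role == "frontend" and public and port not in FRONTEND_PUBLIC_PORTS:
            findings.append(f"{host}: front-end port {port} exposed to {src}, only 80/443 are allowed")
        elif role == "internal" and public:
            findings.append(f"{host}: internal host exposes port {port} to {src}, expected VPC-only")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

A real deployment would feed this with rules exported from the cloud provider's firewall configuration rather than a hand-written list; the check itself is the same, and running it on a schedule turns the policy sentence into something that alerts when a port is opened by mistake.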