Last updated Oct 3, 2024

Password hash algorithm

Since:

Confluence 3.5 and later.

Confluence uses the salted PKCS5S2 implementation provided by Embedded Crowd.

Confluence versions before 3.5 used a password hash algorithm based on BouncyCastle's SHA1-512 implementation. You can see one version of the source code for it here. The entire Confluence source code is available here.

If you'd like to try to import users from a different user management system into a local instance of Confluence, you're likely to be better off using a different solution than re-hashing existing passwords. Some options would be:

  1. Use Crowd, which is extendable and offers connectors to user repositories.
  2. Import users using their plain text passwords, leveraging the Confluence XML-RPC and SOAP APIs. One good client is the Confluence Command Line Interface.

Rate this page: