SiT! Bugs - SiT!
View Issue Details
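ID: 0001889
Project: SiT!
Category: security
View Status: public
Date Submitted: 2013-08-06 10:32
Last Update: 2013-08-06 10:32
Priority: urgent
Severity: feature
Reproducibility: have not tried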
0001889: Better password hashing
We should allow users to configure the hash they would like to use for passwords by selecting from a list of hash algorithms that PHP supports.

We can store hashed passwords as we do now in the password column, but with a prefix to indicate the hash that's being used, e.g. sha1:d40283f5267bc0ef2ecd52c3794d20fdcff43f01 or ripemd128:20e4f5eae40e886050edf2c0efd6fb85

If there is no prefix we can assume it's the old style MD5 (as current). Using this method we can detect if somebody is using a hash from a previous configuration and prompt the user to change their password which can then be hashed using the new algorithm.
No tags attached.
Issue History
2013-08-06 10:32 | ivan | New Issue
2013-08-06 10:32 | ivan | Status | new => assigned
2013-08-06 10:32 | ivan | Assigned To | => ivan

There are no notes attached to this issue.
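
The prefix scheme described in this issue, as an added PHP example that is not SiT! code: it parses the stored value, treats an unprefixed value as legacy MD5, and flags a successful login for a password change when the stored algorithm differs from the configured one. `CONFIGURED_ALGO` and all function names are hypothetical, and the sample rows are constructed.

```php
<?php
// Added example; all names here are hypothetical, not taken from SiT!.
// As in the issue's proposal, digests are plain unsalted hash() output.
const CONFIGURED_ALGO = 'sha1'; // assumed: the algorithm the admin selected

// Split a stored value into [algorithm, hex digest]; no prefix means legacy MD5.
function parse_stored(string $stored): array
{
    if (strpos($stored, ':') === false) {
        return ['md5', $stored];
    }
    list($algo, $digest) = explode(':', $stored, 2);
    return [strtolower($algo), $digest];
}

// Build the value for the password column using the given algorithm.
function make_stored(string $password, string $algo = CONFIGURED_ALGO): string
{
    if (!in_array($algo, hash_algos(), true)) {
        throw new InvalidArgumentException("Unsupported hash algorithm: $algo");
    }
    return $algo . ':' . hash($algo, $password);
}

// Verify a login attempt. Returns ['ok' => bool, 'needs_change' => bool];
// needs_change is set only after a correct password on a non-current algorithm.
function check_password(string $password, string $stored): array
{
    list($algo, $digest) = parse_stored($stored);
    if (!in_array($algo, hash_algos(), true)) {
        return ['ok' => false, 'needs_change' => false]; // unknown prefix: reject
    }
    // hash_equals() compares in constant time (PHP 5.6+).
    $ok = hash_equals(hash($algo, $password), strtolower($digest));
    return ['ok' => $ok, 'needs_change' => $ok && $algo !== CONFIGURED_ALGO];
}

// Constructed sample rows: a legacy MD5 value, a current value, a bad prefix.
$rows = [md5('example-password'), make_stored('example-password'), 'nosuchalgo:abcd'];
foreach ($rows as $row) {
    $r = check_password('example-password', $row);
    printf("%-50s ok=%s needs_change=%s\n", $row,
        var_export($r['ok'], true), var_export($r['needs_change'], true));
}
```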