SiT! Bugs

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001889SiT!securitypublic2013-08-06 10:322013-08-06 10:32
Assigned Toivan 
PriorityurgentSeverityfeatureReproducibilityhave not tried
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0001889: Better password hashing
DescriptionWe should allow users to configure the hash they would like to use for passwords by selecting from a list of hash algorithms that PHP supports.

We can store hashed passwords as we do now in the password column but with a prefix to indicate the has thats being used. e.g. sha1:d40283f5267bc0ef2ecd52c3794d20fdcff43f01 or ripemd128:20e4f5eae40e886050edf2c0efd6fb85

If there is no prefix we can assume it's the old style MD5 (as current). Using this method we can detect if somebody is using a hash from a previous configuration and prompt the user to change their password which can then be hashed using the new algorithm.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2013-08-06 10:32 ivan New Issue
2013-08-06 10:32 ivan Status new => assigned
2013-08-06 10:32 ivan Assigned To => ivan

Copyright © 2000 - 2020 MantisBT Team
Powered by Mantis Bugtracker