Request: password crypting

Discission about the future of Aardvark Topsites PHP.

Re: Request: password crypting

Postby Basti » 2009-10-07 10:36 am

Arent the passwords md5 hashed allready *think* lol. or was it just the admin pass. Well if only admin i wonder why only that :P
Basti
Advanced Member
 
Posts: 1619
Joined: 2004-06-20 06:17 pm
Location: Germany

Re: Request: password crypting

Postby Basti » 2009-10-07 12:05 pm

Oh well thats to high for me :P

We would need to wait for jeremy to kick in, which can take long time.
Basti
Advanced Member
 
Posts: 1619
Joined: 2004-06-20 06:17 pm
Location: Germany

Re: Request: password crypting

Postby Basti » 2009-10-08 10:05 am

If i remember right he studying or so. which keeps him so busy that he cant work on this as much as he want
Basti
Advanced Member
 
Posts: 1619
Joined: 2004-06-20 06:17 pm
Location: Germany

Re: Request: password crypting

Postby Jeremy » 2009-11-15 09:41 pm

i was young and naive when i wrote the first version of this script. current security best practices would be to salt and use sha1 (or is there something better yet?). what should be done in the next version (5.3.0) is to keep the old md5 hashes, add a column for the new hashes, and then when the user logs in, update the new hash and delete the old hash.

as for when i will actually do this... i have no idea.
Jeremy
Supreme Diety
 
Posts: 8922
Joined: 2003-05-05 04:41 pm
Location: NJ, USA


Return to Development

Who is online

Users browsing this forum: No registered users and 2 guests

cron