[Typo3-dev] change hash algorithm
Martin Ficzel
martin.ficzel at gmx.de
Wed Nov 16 13:10:27 CET 2005
Christoph Koehler wrote:
> Hey,
>
> I just read this on slashdot.
>
> http://it.slashdot.org/article.pl?sid=05/11/15/2037232&from=rss
>
> While this doesn't mean you can get a collision from a hash yet, it
> might not be long until you can. Are there any plans to switch to SHA-1
> or another more secure hash algorithm in the near future?
>
> Christoph
I think that additionally the fe-passwords should also be protected with
some hashing by default (I know there is an extension)

regards Martin

PS: to achieve backwards-compatibility it would be good to add an option
to the install-tool
something like
fe_pw_hashing = [none|md5|sha1|sha256] default none
be_pw_hashing = [none|md5|sha1|sha256] default md5
that would make it possible to keep existing installations running
because after changing the hash-algorithm all accounts will lose their
passwords
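
One way to keep existing accounts usable across a change of the option proposed above, shown as an added example (not part of the original post and not TYPO3 code): tag each stored value with its algorithm and re-hash at the next successful login. The `algo:value` storage format and the function names are assumptions; the algorithm names are the option values from the post.

```php
<?php
// Added example; the "algo:value" format and function names are assumptions.
const ALGOS = ['none', 'md5', 'sha1', 'sha256']; // option values from the post

function digest(string $algo, string $password): string
{
    if (!in_array($algo, ALGOS, true)) {
        throw new InvalidArgumentException("unknown algorithm: $algo");
    }
    return $algo === 'none' ? $password : hash($algo, $password);
}

// Split a stored value into [algorithm, value]. Values written before the
// switch carry no tag and are read with $legacyAlgo (the old setting).
// If the old setting was 'none', tag existing rows once up front, because a
// plaintext password could itself begin with a tag such as "md5:".
function parseStored(string $stored, string $legacyAlgo): array
{
    $pos = strpos($stored, ':');
    if ($pos !== false && in_array(substr($stored, 0, $pos), ALGOS, true)) {
        return [substr($stored, 0, $pos), substr($stored, $pos + 1)];
    }
    return [$legacyAlgo, $stored];
}

// Returns [login ok?, value to store]. On success the value is re-hashed with
// the configured algorithm, so accounts migrate as their owners log in.
function checkLogin(string $password, string $stored, string $configured, string $legacyAlgo): array
{
    [$algo, $value] = parseStored($stored, $legacyAlgo);
    // hash_equals() compares in constant time
    if (!hash_equals($value, digest($algo, $password))) {
        return [false, $stored];
    }
    return [true, $configured . ':' . digest($configured, $password)];
}

// Constructed sample: an account stored as bare MD5, then the option is
// changed from md5 to sha256.
$stored = md5('example-pass');
[$ok, $stored] = checkLogin('example-pass', $stored, 'sha256', 'md5');
var_dump($ok, $stored);

// The next login verifies against the upgraded value and leaves it unchanged.
[$okAgain, $unchanged] = checkLogin('example-pass', $stored, 'sha256', 'md5');
var_dump($okAgain, $unchanged === $stored);

// A wrong password is rejected and the stored value is not rewritten.
var_dump(checkLogin('wrong-pass', $stored, 'sha256', 'md5')[0]);
```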