[TYPO3-dev] Password handling (Regarding youngest security issues)

Sebastian Gebhard sg at webagentur-gebhard.de
Fri Nov 14 18:05:43 CET 2008


Marcus Krause wrote:
> Therefore, we will use salts which then are stored together with the
> password hash.
> Salts will be different for every user record.

Hi Marcus,

IMHO that makes my proposal obsolete since I consider yours much better.

The advantage is not only that users may be migrated more easily, an 
attacker would also have to create a rainbow table for every single user 
to find out the passwords.
I think in most cases this won't be worth it for attackers because they 
have no guarantee that the password they might retrieve after a lot of 
work will be useful for them.
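
An added example, not part of the original message and not TYPO3 code, showing why a per-user salt stored next to the hash defeats a single precomputed table. PBKDF2-SHA256, the `salt$hash` record layout, the iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this example


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$hash_hex'; a fresh random salt is drawn per record."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, hash_hex = record.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), hash_hex)


def unsalted(password: str) -> str:
    """Legacy-style unsalted hash, used here only for comparison."""
    return hashlib.sha256(password.encode()).hexdigest()


def demo() -> dict:
    shared = "example-password"  # constructed sample: two users, same password
    alice, bob = make_record(shared), make_record(shared)
    # Constructed lookup table of unsalted hashes, standing in for a
    # precomputed table that is built once and reused against every user.
    table = {unsalted(p): p for p in ("example-password", "letmein")}
    return {
        "unsalted_in_table": unsalted(shared) in table,
        "salted_hashes_equal": alice.split("$")[1] == bob.split("$")[1],
        "salted_in_table": alice.split("$")[1] in table,
        "correct_accepted": verify(shared, alice),
        "wrong_rejected": not verify("other-password", alice),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
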