[TYPO3-dev] Password handling (Regarding youngest security issues)
Sebastian Gebhard
sg at webagentur-gebhard.de
Fri Nov 14 18:05:43 CET 2008
Marcus Krause wrote:
> Therefore, we will use salts which then are stored together with the
> password hash.
> Salts will be different for every user record.
Hi Marcus,
imho that makes my proposal obsolete since I consider yours much better.
The advantage is not only that users may be migrated more easily, an
attacker would also have to create a rainbow table for every single user
to find out the passwords.
I think in most cases this won't be worth it for attackers because they
have no guarantee that the password they might retrieve after a lot of
work will be useful for them.
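
The scheme discussed in this message, as an added example that is not part of the original post and not TYPO3 code: each record stores its own random salt next to the hash, so one precomputed table no longer reverses every user at once. PBKDF2-SHA256, the `salt$hash` record layout, the work factor and the sample users and wordlist are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # assumed work factor, not taken from the thread
WORDLIST = ["123456", "password", "typo3", "joh316"]  # constructed sample passwords


def derive(password, salt=b""):
    # One derivation function for both schemes, so the salt is the only variable.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS).hex()


def make_record(password):
    # Fresh random salt per user record, stored together with the hash.
    salt = os.urandom(16)
    return salt.hex() + "$" + derive(password, salt)


def verify(password, record):
    # Re-derive with the stored salt and compare in constant time.
    salt_hex, digest = record.split("$")
    return hmac.compare_digest(derive(password, bytes.fromhex(salt_hex)), digest)


def table_hits(table, records):
    # Number of records whose hash appears in one precomputed hash -> password table.
    return sum(1 for rec in records.values() if rec.split("$")[-1] in table)


def demo():
    users = {"alice": "typo3", "bob": "typo3", "carol": "joh316"}  # constructed
    table = {derive(p): p for p in WORDLIST}  # computed once, valid for all unsalted records
    legacy = {u: derive(p) for u, p in users.items()}
    salted = {u: make_record(p) for u, p in users.items()}
    return {
        "legacy_hits": table_hits(table, legacy),    # every unsalted record is reversed
        "salted_hits": table_hits(table, salted),    # the same table matches nothing
        "legacy_duplicates": legacy["alice"] == legacy["bob"],
        "salted_duplicates": salted["alice"] == salted["bob"],
        "login_ok": verify("typo3", salted["alice"]),
        "login_bad": verify("wrong", salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

The salt is not secret; it only forces the precomputation to be repeated per record, so weak passwords remain guessable one user at a time and the work factor still matters.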