[TYPO3-dev] Password handling (Regarding youngest security issues)

Xavier Perseguers typo3 at perseguers.ch
Fri Nov 14 18:16:58 CET 2008


Sebastian Gebhard wrote:
> Marcus Krause wrote:
>> Therefore, we will use salts which then are stored together with the
>> password hash.
>> Salts will be different for every user record.
> 
> Hi Marcus,
> 
> IMHO that makes my proposal obsolete since I consider yours as much better.
> 
> The advantage is not only that users may be migrated more easily, an 
> attacker would also have to create a rainbow table for every single user 
> to find out the passwords.
> I think in most cases this won't be worth it for attackers because they 
> have no guarantee that the password they might retrieve after a lot of 
> work will be useful for them.

Did someone read what I wrote about the superchallenge authentication?

-- 
Xavier Perseguers
http://xavier.perseguers.ch/en
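
The per-user salt stored together with the hash, as discussed in the quoted messages, shown as an added example that is not part of the original thread and not TYPO3 code. The record format `salt$hash`, the function names, the sample users and the use of PBKDF2-HMAC-SHA256 are assumptions made for this illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Return 'salt_hex$hash_hex'; a fresh random salt is drawn per record."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the salt kept in the record; compare in constant time."""
    try:
        salt_hex, _ = stored.split("$", 1)
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed record: reject rather than raise
    return hmac.compare_digest(hash_password(password, salt), stored)


def unsalted(password: str) -> str:
    """Unsalted hash, shown only for contrast with the salted record."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def shared_hashes(records: dict[str, str]) -> dict[str, list[str]]:
    """Group users by stored value; a group of two or more exposes a shared password."""
    groups: dict[str, list[str]] = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}


# Constructed sample: two users who happened to choose the same password.
USERS = {"alice": "correct horse", "bob": "correct horse"}
UNSALTED_DB = {u: unsalted(p) for u, p in USERS.items()}
SALTED_DB = {u: hash_password(p) for u, p in USERS.items()}

if __name__ == "__main__":
    print("unsalted duplicates:", shared_hashes(UNSALTED_DB))
    print("salted duplicates:  ", shared_hashes(SALTED_DB))
```

Without salts, identical passwords produce identical stored values, so one precomputed table covers every record; with a salt per record, each stored value has to be worked on separately.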



