[TYPO3-english] Typo3 hole leads to boom in hash cracking
erik at linnearad.no
Mon Jun 1 11:23:53 CEST 2009
Vahan Amirbekyan skrev:
> VERY IMPORTANT:
> can salt be added to the algorithm?
This is old news, and has been patched long ago.
As far as I know, salt kan not be added to the Install Tool hashed
password in localconf.php (I may be wrong). But the Install Tool should
never be accessible after the installation of the site.
For BE-users and FE-users it's possible to use salt, through a specific
And salted MD5 password, RSA and OpenID will be part of Version 4.3
More information about the TYPO3-english