[TYPO3-english] Typo3 hole leads to boom in hash cracking
typo3-en at bruchmann-web.de
Wed Jun 3 15:51:04 CEST 2009
----- Original Message -----
From: Vahan Amirbekyan <vamirbekyan at dgfoundation.org>
Sent: Monday, June 1, 2009 05:22:14
To: typo3-english at lists.netfielders.de
Subject: [TYPO3-english] Typo3 hole leads to boom in hash cracking
> VERY IMPORTANT:
> can salt be added to the algorithm?
Even if it has nothing to do with the Backend:
Some FE-Extensions send hashes by mail to validate a user.
When building extensions, I add a salt at the end of this hash to avoid that
random md5-hashes can validate a brute-force attacker. As salt I take the
time the user filled a form. Sure, it's not impossible to hack that by
brute force but it's much more secure than typical md5 hashes I think.
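
The mailed validation hash discussed above, as an added example that is not part of the original message and not TYPO3 or extension code: it keeps the form time as part of the hashed data but swaps plain md5 for HMAC-SHA256 keyed with a server-side secret. The function names, the secret, the token layout and the 24-hour lifetime are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: a per-installation secret kept server-side (constructed sample value).
const SECRET = 'constructed-sample-secret-change-me';
// Assumption: confirmation links stay valid for 24 hours.
const TOKEN_LIFETIME = 86400;

/** Build the value mailed to the user: "<formTime>.<hmac>" (hypothetical layout). */
function makeValidationToken(string $email, int $formTime): string
{
    // The form time is signed together with the address, so neither can be swapped.
    $mac = hash_hmac('sha256', $email . '|' . $formTime, SECRET);
    return $formTime . '.' . $mac;
}

/** Check a token taken from the confirmation link. */
function checkValidationToken(string $email, string $token, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed token
    }
    $formTime = (int) $parts[0];
    if ($formTime > $now || $now - $formTime > TOKEN_LIFETIME) {
        return false; // expired, or a timestamp from the future
    }
    $expected = hash_hmac('sha256', $email . '|' . $formTime, SECRET);
    // hash_equals compares in constant time, so the check leaks no partial match.
    return hash_equals($expected, $parts[1]);
}

// Constructed sample run.
$t0 = 1243950000;
$token = makeValidationToken('user@example.org', $t0);
// Correct address, inside the lifetime.
var_dump(checkValidationToken('user@example.org', $token, $t0 + 3600));
// Same token presented for a different address.
var_dump(checkValidationToken('other@example.org', $token, $t0 + 3600));
// Correct address, after the lifetime has passed.
var_dump(checkValidationToken('user@example.org', $token, $t0 + 90000));
// Known form time combined with a guessed md5 value instead of the keyed hash.
var_dump(checkValidationToken('user@example.org', $t0 . '.' . md5('guess'), $t0 + 3600));
```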