[TYPO3-english] Typo3 hole leads to boom in hash cracking

David Bruchmann typo3-en at bruchmann-web.de
Wed Jun 3 15:51:04 CEST 2009

----- Original Message -----
From:       Vahan Amirbekyan <vamirbekyan at dgfoundation.org>
Sent:       Monday, June 1, 2009 05:22:14
To:         typo3-english at lists.netfielders.de
Subject:    [TYPO3-english]  Typo3 hole leads to boom in hash cracking
> http://www.h-online.com/news/Typo3-hole-leads-to-boom-in-hash-cracking--/112644
> can salt be added to the algorithm?

Even though it has nothing to do with the Backend:

Some FE extensions send hashes by mail to validate a user.
When building extensions, I add a salt at the end of this hash so that
random MD5 hashes cannot validate a brute-force attacker. As the salt I take the
time the user filled in a form. Sure, it's not impossible to hack that by
brute force, but it's much more secure than typical MD5 hashes, I think.
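
An added example, not part of the original post and not TYPO3 code: a mail validation token that binds the form submission time into a keyed hash, so a link expires and cannot be recomputed without the server secret. HMAC-SHA256 is swapped in here for the MD5-plus-salt scheme described above; the function names, the secret, the lifetime and the sample data are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical server-side secret (constructed value). A real extension would
// load it from configuration that is not readable by visitors.
const TOKEN_SECRET = 'constructed-example-secret-do-not-reuse';
const TOKEN_TTL = 86400; // assumed lifetime of a mailed link, in seconds

/** Build the token that is mailed to the user: "<timestamp>.<hmac>". */
function makeValidationToken(int $userId, string $email, int $submittedAt): string
{
    // Bind the token to the user, the address and the form submission time.
    $payload = $userId . '|' . strtolower($email) . '|' . $submittedAt;
    $mac = hash_hmac('sha256', $payload, TOKEN_SECRET);
    return $submittedAt . '.' . $mac;
}

/** Accept a token from a validation link only if it is genuine and still fresh. */
function checkValidationToken(string $token, int $userId, string $email, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || preg_match('/^\d{1,12}$/', $parts[0]) !== 1) {
        return false; // malformed: no timestamp part
    }
    $submittedAt = (int)$parts[0];
    if ($submittedAt > $now || $now - $submittedAt > TOKEN_TTL) {
        return false; // dated in the future, or expired
    }
    // Recompute the token for the claimed timestamp and compare in constant
    // time, so response timing does not reveal how much of the MAC matched.
    $expected = makeValidationToken($userId, $email, $submittedAt);
    return hash_equals($expected, $token);
}

// Constructed sample data.
$submittedAt = 1243864934;
$token = makeValidationToken(42, 'User@example.org', $submittedAt);

// Genuine token, checked one hour after the form was filled in.
var_dump(checkValidationToken($token, 42, 'user@example.org', $submittedAt + 3600));
// Same token presented for a different user id.
var_dump(checkValidationToken($token, 43, 'user@example.org', $submittedAt + 3600));
// Same token presented after the lifetime has passed.
var_dump(checkValidationToken($token, 42, 'user@example.org', $submittedAt + 90000));
// An unkeyed MD5 value with the timestamp appended.
var_dump(checkValidationToken(md5('guess') . $submittedAt, 42, 'user@example.org', $submittedAt + 3600));
```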

