[TYPO3-english] Salted hashes and security
typo3.lists at philippgampe.info
Fri Dec 16 12:56:18 CET 2011
Victor Livakovsky wrote:
> Hi, Markus.
>> What is the exact message shown by the report?
> The message is shown in "Security" section:
> "Backend user password hashes" - "Insecure"
> During the configuration check of saltedpasswords the following issues
> have been found:
> Warnings about your configuration
> SaltedPasswords might behave different than expected:
> The backend is configured to use SaltedPasswords with RSA
> SaltedPasswords has been configured to enforce salted passwords
> This means that only passwords in the format of this extension will
> succeed for login.
> IMPORTANT: This has the effect that passwords that are set from the
> Install Tool will not work!
> Note, that a wrong configuration might have impact on the security of your
> TYPO3 installation and the usability of the backend.
Yes, this message is partly wrong.
Can you open an issue on
More information about the TYPO3-english