[TYPO3-english] Salted hashes and security
Philipp Gampe
typo3.lists at philippgampe.info
Fri Dec 16 12:56:18 CET 2011
Hi Victor,
Victor Livakovsky wrote:
> Hi, Markus.
>
>> What is the exact message shown by the report?
>
> The message is shown in "Security" section:
> "Backend user password hashes" - "Insecure"
> During the configuration check of saltedpasswords the following issues
> have been found:
>
> Warnings about your configuration
> SaltedPasswords might behave different than expected:
>
> The backend is configured to use SaltedPasswords with RSA
> authentication.
>
> SaltedPasswords has been configured to enforce salted passwords
> (forceSalted).
> This means that only passwords in the format of this extension will
> succeed for login.
> IMPORTANT: This has the effect that passwords that are set from the
> Install Tool will not work!
>
>
> Note, that a wrong configuration might have impact on the security of your
> TYPO3 installation and the usability of the backend.
Yes, this message is partly wrong.
Can you open an issue on
http://forge.typo3.org/projects/typo3v4-core/issues
Best regards
--
Philipp Gampe
More information about the TYPO3-english
mailing list