[TYPO3-project-4-3] saltedpasswords for v4.3
Steffen Ritter
info at rs-websystems.de
Thu Jun 18 10:48:06 CEST 2009
Fernando Arconada schrieb:
> Why md5? md5 isnt secure now even sha1 are going to fail soon but it is better than md5
we - for shure don't do md5(salt+password).
We are using crypt of an overall used unix library[1]
It's what you get using mysql "encrypt", what's stored in your
/etc/shadow for unix shadow passwords, etc...
There always will be a better way or another... even this library is
extended time by time... So since we need to get it portable this is the
most portable way ever.
First of all we currently do in fe plain storage and in be md5 storage,
so there is a big improovement.
Second I personally think, on this library most of system
authentification of the servers we host TYPO3 in is based, their
mailservers, mysql auth etc. If you consider this not to be secure
enough, or want more security in TYPO3, the websoftwaret is not your
problem but the server...
regards
Steffen
More information about the TYPO3-project-4-3
mailing list