[TYPO3-project-4-3] saltedpasswords for v4.3
Steffen Gebert
steffen at steffen-gebert.de
Sat Jun 20 12:49:48 CEST 2009
Sebastian Fischer wrote:
>> Some facts:
>> - on first login "oldformat" passwords are converted to salted if
>> "updatePasswd" is set (standard).
>
> What happens if a password is already md5 crypted in the db?
The password is available in clear-text at login. So first it's checked, if
the password matches the md5ed one and then (if updatePasswd enabled) the
clear-text password is hashed+salted and saved.
> After reading i ask myself why didn't we have a feature like this until
> now.
Maybe because it was a huge task to do this! You see all the small itches,
where e.g. md5 is hardcoded.
So thanks to Marcus, Steffen and everybody else, who is/was involved!
Steffen
More information about the TYPO3-project-4-3
mailing list