[TYPO3-dev] saltedpasswords and umlauts
Steffen Ritter
info at rs-websystems.de
Thu Aug 12 09:59:09 CEST 2010
Am 12.08.2010 09:48, schrieb Steffen Gebert:
> Hi,
>
> I switched one of my sites to 4.4+saltedpasswords over the weekend.
> No the first user complains that he's not able to login anymore -
> assuming the "ü" in his password can be the problem.
>
> I tried this and -locked me out of my installation-.. ahh.. saw he was
> right :)
> Saltedpasswords and umlauts in passwords cause the next login to fail.
>
> Marcus, Steffen or anybody else: Are you aware of this / did you
> experience this already?
> Is this a configuration problem on my site?
>
> The site is complete utf8 and the error seems to happen while automatic
> conversion from md5->salted and manual password changes (after having
> saltedpw activated).
>
> Do you have any starting point for me to debug?
>
> I tried it using HTTPS and HTTP (using RSA), none of them works.
> On my local installation, I also tried salted MD5 instead of PHPASS, but
> this also didn't change anything.
>
> Kind regards
> Steffen
>
afaik the the problem should be rsa, not the salting itself - try if
your server is able to handle umlaut passwords for console users - if
so, TYPO3 will be too (at least if you do not use PHPPASS).
Furthermore, if you do not need password interaction with different
system you should try blowfish or at least md5 instead of of PHPPASS.
If you deactivated RSA for sure you have to set the password again (so
that the error does not get into db - depending on where you set it.
Even if the "salting" would not able to handle the umlaut, the
"encrypting" result would have been the same with to times the same term.
regards
Steffen
More information about the TYPO3-dev
mailing list