[TYPO3-dev] salted passwords +hashing method
Steffen Ritter
info at rs-websystems.de
Fri Jul 15 09:21:02 CEST 2011
On 15.07.2011 09:14, Georg Schönweger wrote:
> Hi all,
>
> what's the recommended hashing method setting for Typo3 4.5? In
> /saltedpasswords /manual I read "phpass: *default and recommended
> setting*" .. but in Configuration (Extension Manager) the default method
> is "MD5 salted hashing". So which method is recommended?
Well, this resides in a "little conflict" between us two extension authors
about what would be the most useful target ;)
- the most secure way is blowfish
- the most exchangeable way between several PHP-based online systems
(drupal, wordpress) will be phpass
- the most system-interchangeable will be md5/blowfish (i.e. crypt api), as
these passwords could be used for syslogin at linux/mac/unix/ldap,
mysql, ftp etc... (everything that uses the standard authentication method on
unix). This is because it uses the system's crypt library...
Furthermore - if you have an up-to-date system, you could easily switch
to higher encryption standards...
I fought for system-interchangable, Marcus for php-interchangable :)
md5 is the default because it is the only crypt variant which will be
available on every php 5.2 system.
regards
Steffen
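
The three methods compared in this thread leave different prefixes on the stored hash, so an existing user table can be audited for which scheme and work factor each record uses. The following Python code is an added example, not part of the original message or of the saltedpasswords extension; the prefixes are the standard crypt and phpass identifiers, and the function names and sample hashes are constructed for illustration.

```python
import re

# phpass "portable hash" alphabet: the character after "$P$" indexes into it
# and gives log2 of the iteration count.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
B64 = r"[./0-9A-Za-z]"

MD5_CRYPT = re.compile(r"^\$1\$" + B64 + r"{1,8}\$" + B64 + r"{22}$")
BCRYPT = re.compile(r"^\$2[abxy]\$(\d{2})\$" + B64 + r"{53}$")
PHPASS = re.compile(r"^\$[PH]\$(" + B64 + r")" + B64 + r"{30}$")


def describe(stored):
    """Return scheme, iteration count and crypt-format flag for a stored hash."""
    if MD5_CRYPT.match(stored):
        # md5-crypt runs a fixed 1000-round loop; there is no tunable cost.
        return {"scheme": "md5-crypt", "rounds": 1000, "crypt_format": True}
    m = BCRYPT.match(stored)
    if m:
        cost = int(m.group(1))
        if not 4 <= cost <= 31:
            raise ValueError("bcrypt cost out of range")
        return {"scheme": "blowfish", "rounds": 2 ** cost, "crypt_format": True}
    m = PHPASS.match(stored)
    if m:
        log2 = ITOA64.index(m.group(1))
        if not 7 <= log2 <= 30:
            raise ValueError("phpass iteration count out of range")
        # phpass portable hashes are a PHP-side format, not a crypt(3) one.
        return {"scheme": "phpass", "rounds": 2 ** log2, "crypt_format": False}
    raise ValueError("unrecognised hash format")


def summarize(stored_hashes):
    """Count records per scheme; anything unparseable is counted as 'unknown'."""
    counts = {}
    for h in stored_hashes:
        try:
            scheme = describe(h)["scheme"]
        except ValueError:
            scheme = "unknown"
        counts[scheme] = counts.get(scheme, 0) + 1
    return counts


# Constructed sample records (format-valid, not real password hashes).
SAMPLES = ["$1$abcdefgh$" + "A" * 22, "$2a$07$" + "A" * 53,
           "$P$Babcdefgh" + "A" * 22, "0" * 32]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```
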