[TYPO3-english] Typo3 hole leads to boom in hash cracking
David Bruchmann
typo3-en at bruchmann-web.de
Wed Jun 3 15:51:04 CEST 2009
----- Original Message -----
From: Vahan Amirbekyan <vamirbekyan at dgfoundation.org>
Sent: Monday, 1 June 2009 05:22:14
To: typo3-english at lists.netfielders.de
CC:
Subject: [TYPO3-english] Typo3 hole leads to boom in hash cracking
> VERY IMPORTANT:
>
> http://www.h-online.com/news/Typo3-hole-leads-to-boom-in-hash-cracking--/112644
>
> can salt be added to the algorithm?
Even though it has nothing to do with the Backend:
Some FE extensions send hashes by mail to validate a user.
When building extensions, I add a salt at the end of this hash to avoid that
random md5 hashes can validate a brute-force attacker. As salt I take the
time the user filled in a form. Sure, it's not impossible to hack that by
brute force, but it's much more secure than typical md5 hashes, I think.
Regards
David
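
An added example, not part of the original post and not TYPO3 or extension code: a mail-validation token that binds the form submission time, as the post describes, but swaps MD5 with an appended salt for HMAC-SHA256 under a server-side secret, so a valid token cannot be computed without that secret. The function names, the secret handling, the 24-hour lifetime and the sample values are assumptions.

```php
<?php
// Added example: function names, secret handling and lifetime are assumptions.

const TOKEN_LIFETIME = 86400; // seconds a mailed link stays valid (assumed)

/** Build the token that is put into the validation mail. */
function makeValidationToken(string $secret, int $userId, string $email, int $formTime): string
{
    // Bind user id, address and form time so the token cannot be reused
    // for another account or another submission.
    $payload = $userId . '|' . strtolower($email) . '|' . $formTime;
    return $formTime . '.' . hash_hmac('sha256', $payload, $secret);
}

/** Check a token taken from the validation link. */
function checkValidationToken(string $secret, int $userId, string $email, string $token, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || preg_match('/^\d{1,10}$/', $parts[0]) !== 1) {
        return false; // malformed token
    }
    $formTime = (int) $parts[0];
    if ($formTime > $now || $now - $formTime > TOKEN_LIFETIME) {
        return false; // dated in the future or expired
    }
    // Recompute from the claimed form time; hash_equals compares in constant time.
    $expected = makeValidationToken($secret, $userId, $email, $formTime);
    return hash_equals($expected, $token);
}

// Constructed sample values. A real installation would load one fixed
// secret from its configuration instead of generating it per request.
$secret = random_bytes(32);
$formTime = 1244037064;
$token = makeValidationToken($secret, 42, 'user@example.org', $formTime);

$cases = [
    'valid link, 10 minutes later' => [42, $token, $formTime + 600],
    'same token, other user id'    => [43, $token, $formTime + 600],
    'same token, two days later'   => [42, $token, $formTime + 172800],
    'guessed md5-style value'      => [42, $formTime . '.' . md5('guess'), $formTime + 600],
];
foreach ($cases as $label => [$uid, $tok, $now]) {
    $ok = checkValidationToken($secret, $uid, 'user@example.org', $tok, $now);
    echo $label, ': ', $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```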