[TYPO3-project-4-3] saltedpasswords for v4.3
Fernando Arconada
falcifer2001 at yahoo.es
Thu Jun 18 10:59:36 CEST 2009
i dontn criticing your work, i think that saltedpasswords are a big
improvement for TYPO3. I'm only telling you that md5 and sha1 are broken
(at least md5) cause of i'm working for the goberment of my state i use
to review the health of crytography time to time and may be this is the
reason of my paranoia
I was just a comment
El Thu, 18 Jun 2009 10:48:06 +0200, Steffen Ritter escribió:
> Fernando Arconada schrieb:
>> Why md5? md5 isnt secure now even sha1 are going to fail soon but it is
>> better than md5
> we - for shure don't do md5(salt+password). We are using crypt of an
> overall used unix library[1] It's what you get using mysql "encrypt",
> what's stored in your /etc/shadow for unix shadow passwords, etc...
>
>
> There always will be a better way or another... even this library is
> extended time by time... So since we need to get it portable this is the
> most portable way ever.
>
> First of all we currently do in fe plain storage and in be md5 storage,
> so there is a big improovement.
>
> Second I personally think, on this library most of system
> authentification of the servers we host TYPO3 in is based, their
> mailservers, mysql auth etc. If you consider this not to be secure
> enough, or want more security in TYPO3, the websoftwaret is not your
> problem but the server...
>
>
> regards
>
> Steffen
More information about the TYPO3-project-4-3
mailing list