[TYPO3-project-4-3] saltedpasswords for v4.3

Steffen Ritter info at rs-websystems.de
Thu Jun 18 11:07:30 CEST 2009


Fernando Arconada schrieb:
> i dontn criticing your work, i think that saltedpasswords are a big improvement for TYPO3.

did not see it like this, just wanted to give you further details and 
my/our thoughts behind

I'm only telling you that md5 and sha1 are broken
> (at least md5) 
i think we all know

> to review the health of crytography time to time and may be this is the 
> reason of my paranoia

Indeed there always a risk, and the more you know the more you'll have 
"paranoia"...

> I was just a comment

I like comments and discussion :)
Are you into the current developments of the crypt-libraries? Is there 
an progress into moving to more secure algorithm?

One Big thing I think is: it's enough if our software is as secure as 
the rest of the system. And using sys-libraries, we don't personally 
have to care about bugs, security wholes etc and improvements. It will 
be fixed fast and included in system updates... Which is - to me - a big 
benefit for our project.

regards


More information about the TYPO3-project-4-3 mailing list