[TYPO3-core] RFC: Feature Request #7139: Integration of fe_users password encryption

Ingmar Schlecht ingmar at typo3.org
Tue Jan 15 19:55:23 CET 2008


Hi Ernesto,

Ernesto Baschny [cron IT] wrote:
> So I don't see what is wrong in what I have said.

You said "Reusing the same salt for all passwords on one site (even if 
it is the "encryption key") is probably the same security as not using 
any salt at all.".

Anyway, we both agree that a unique salt per password is more secure.

>>> $1$6ki0A8QD$BNqCdjMqQF8xeryq9odmb0
>>>
>>> $1 = md5 with 8 character salt
>>> The encrypted password can be obtained with the php "crypt()" method:
>>>
>>> http://www.php.net/crypt
>>
>> Good idea, but is crypt available on all plattforms?
> 
> On any glibc-based system it should be available.

So what's up with Windows?

cheers
Ingmar

-- 
Ingmar Schlecht
TYPO3 Association Active Member


More information about the TYPO3-team-core mailing list