[TYPO3-core] RFC: Feature Request #7139: Integration of fe_users password encryption
Ingmar Schlecht
ingmar at typo3.org
Tue Jan 15 19:55:23 CET 2008
Hi Ernesto,
Ernesto Baschny [cron IT] wrote:
> So I don't see what is wrong in what I have said.
You said "Reusing the same salt for all passwords on one site (even if
it is the "encryption key") is probably the same security as not using
any salt at all.".
Anyway, we both agree that a unique salt per password is more secure.
>>> $1$6ki0A8QD$BNqCdjMqQF8xeryq9odmb0
>>>
>>> $1 = md5 with 8 character salt
>>> The encrypted password can be obtained with the php "crypt()" method:
>>>
>>> http://www.php.net/crypt
>>
>> Good idea, but is crypt available on all plattforms?
>
> On any glibc-based system it should be available.
So what's up with Windows?
cheers
Ingmar
--
Ingmar Schlecht
TYPO3 Association Active Member
More information about the TYPO3-team-core
mailing list