Hi there
I have a project where FEU salting is not secure enough for a client. Has anyone tried or know if there is a Argon2 or bcrypt solution for FEU (and hopefully the CMS users)?
Happy to code something up but I cannot see how it could be upgrade safe.
Thanks in advance
Michael
FEU using Argon2 or Bcrypt
-
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
- Location: Fernie British Columbia, Canada
Re: FEU using Argon2 or Bcrypt
The new version of FEU uses bcrypt for any newly saved passwords.
For backwards compatibility it can still READ and authenticated two different types of older passwords. but it only writes using bcrypt encrypted hashes.
For backwards compatibility it can still READ and authenticated two different types of older passwords. but it only writes using bcrypt encrypted hashes.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Re: FEU using Argon2 or Bcrypt
Beautiful - this is why CMSMS is the best CMS platform in the world!
Re: FEU using Argon2 or Bcrypt
Hi there
Just hit a snag with upgrading as now existing user properties now come up with random characters.
Does that piece of code need updating to handle algorithm changes?
Just hit a snag with upgrading as now existing user properties now come up with random characters.
Does that piece of code need updating to handle algorithm changes?