
All times are UTC




 Post subject: [closed] Per-backend-user password salting
Posted: Tue Sep 20, 2011 8:35 am
Forum Members

Joined: Mon Apr 11, 2011 7:33 am
Posts: 13
It's good that password salting is coming for backend users.

I have 1.10-beta1, and there at least, the process uses the same salt (or none) for everyone. AFAIK, it's more secure to use per-person salting, even when someone malicious can access the tabled password data, hence the individual salts. Can't run all the users against a single dictionary (or whatever).

I've modded mine to append a random 8-byte salt to each user's 32-byte md5 hash. The space is already there in the database field. Takes only about a dozen extra lines of code total, for password creation and validation (the latter handling hash-only or hash+salt, according to what's stored).

Worth doing generally?
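
The storage layout described in the post above, sketched as an added example (not part of the original post and not CMS Made Simple code): a 32-character md5 hex digest with an 8-character per-user salt appended, and a validator that accepts either hash-only or hash+salt rows. The function names, the `md5(salt . password)` combination and the use of `random_bytes()` (PHP 7+) are assumptions; the post does not say how the salt is mixed in or generated.

```php
<?php
// Added illustration; names and layout are assumptions, not CMSMS code.
const HASH_LEN = 32; // hex length of an md5 digest
const SALT_LEN = 8;  // per-user salt stored directly after the hash

function make_stored(string $password): string
{
    // 4 random bytes -> 8 hex characters, different for every user.
    // Note: 8 hex characters carry 32 bits of randomness.
    $salt = bin2hex(random_bytes(intdiv(SALT_LEN, 2)));
    // Assumed combination: md5(salt . password).
    return md5($salt . $password) . $salt;
}

function verify_stored(string $password, string $stored): bool
{
    $len = strlen($stored);
    if ($len === HASH_LEN) {
        // Legacy row: hash only, no salt stored.
        return hash_equals($stored, md5($password));
    }
    if ($len === HASH_LEN + SALT_LEN) {
        // New row: split the field into hash and salt, then recompute.
        $hash = substr($stored, 0, HASH_LEN);
        $salt = substr($stored, HASH_LEN);
        return hash_equals($hash, md5($salt . $password));
    }
    return false; // unknown format: reject rather than guess
}

// Constructed sample data: two users who chose the same password.
$alice  = make_stored('correct horse');
$bob    = make_stored('correct horse');
$legacy = md5('correct horse'); // a row written before salting existed

var_dump($alice !== $bob);                          // same password, different rows
var_dump(verify_stored('correct horse', $alice));   // salted row validates
var_dump(verify_stored('wrong guess', $alice));     // wrong password is rejected
var_dump(verify_stored('correct horse', $legacy));  // hash-only row still validates
var_dump(substr($alice, 0, HASH_LEN) === $legacy);  // a precomputed md5 no longer matches
```

Per-user salts stop one precomputed dictionary from matching every row, but md5 remains a fast hash, so each row can still be guessed at quickly on its own. On current PHP, `password_hash()` and `password_verify()` generate and store a per-password salt together with a slow hash.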


 Post subject: Re: Per-backend-user password salting
Posted: Fri Sep 23, 2011 4:19 pm
Dev Team Member

Joined: Wed Apr 23, 2008 7:53 am
Posts: 7710
Location: The Netherlands
Hi tomphantoo

Thanks for helping us out testing ;)
tomphantoo wrote:
Worth doing generally?
Not at this moment...

Grtz. Rolf

_________________

Did my post help you solving a problem at your (customers) website and it saved you many hours of work? Great!! Consider buying me a cup of coffee in return!


