[pLog-svn] Salted MD5

Mark Wu markplace at gmail.com
Tue Mar 11 21:27:50 EDT 2008


Mmm..., it is a good option, too.
 
Mark


  _____  

From: plog-svn-bounces at devel.lifetype.net
[mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Matt Wood
Sent: Wednesday, March 12, 2008 4:37 AM
To: LifeType Developer List
Subject: Re: [pLog-svn] Salted MD5


At the login page you could do a check on the length of the database field
returned (md5 is shorter than sha256), and since you have the cleartext
password at that point you can recompute the new hash after comparing it to
the md5($cleartext) to see if it matched.


On Tue, Mar 11, 2008 at 2:04 AM, Mark Wu <markplace at gmail.com> wrote:


** sha2($salt + sha2($password + $salt))
 
I considered this before; the problem is I have to keep compatibility.
 
In LifeType 1.2.x and before, the $password is stored in the database with
md5($password)...
 
So, any algorithm has to be based on this, like
 
sha2($salt + md5($password) + sha2($salt))  or
 
sha2(md5($password) + $private_key)
 
Or, there is no way for us to upgrade... since we cannot get the original
plain-text password
 
Unless we leave an option for the user (administrator) to use the old algorithm.
 
Mark


  _____  


From: plog-svn-bounces at devel.lifetype.net
[mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Matt Wood

Sent: Tuesday, March 11, 2008 1:49 PM 

To: LifeType Developer List
Subject: Re: [pLog-svn] Salted MD5



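The upgrade-at-login check suggested in this thread, written out as an added example; it is not code from the thread or from LifeType. The function names, the record layout (`hash` and `salt` fields) and the 16-byte salt are assumptions, and the new format follows the sha2($salt + sha2($password + $salt)) form quoted above with SHA-256.

```php
<?php
// Added example: upgrade legacy md5($password) rows at login time.
// Function names, record layout and salt size are assumptions.

// New format quoted in the thread: sha2($salt + sha2($password + $salt)).
// A slow KDF such as PHP's password_hash() could be used here instead.
function new_hash(string $password, string $salt): string
{
    return hash('sha256', $salt . hash('sha256', $password . $salt));
}

// Returns [bool $ok, ?array $upgradedRecord].
// $record = ['hash' => hex string, 'salt' => string|null] (hypothetical layout).
function verify_and_upgrade(string $password, array $record): array
{
    $stored = $record['hash'];

    if (strlen($stored) === 32) {
        // Legacy row: 32 hex characters means unsalted MD5.
        if (!hash_equals($stored, md5($password))) {
            return [false, null];
        }
        // The cleartext exists only during login, so rehash it now.
        $salt = bin2hex(random_bytes(16));
        return [true, ['hash' => new_hash($password, $salt), 'salt' => $salt]];
    }

    if (strlen($stored) === 64 && is_string($record['salt'] ?? null)) {
        // Already migrated: 64 hex characters means salted SHA-256.
        return [hash_equals($stored, new_hash($password, $record['salt'])), null];
    }

    // Unknown length: fail closed rather than guess the algorithm.
    return [false, null];
}

// Constructed sample row in the legacy md5($password) format.
$row = ['hash' => md5('correct horse'), 'salt' => null];

[$ok, $upgraded] = verify_and_upgrade('wrong guess', $row);
var_dump($ok, $upgraded);           // a failed login must not rewrite the row

[$ok, $upgraded] = verify_and_upgrade('correct horse', $row);
var_dump($ok, strlen($upgraded['hash']));

[$ok, $again] = verify_and_upgrade('correct horse', $upgraded);
var_dump($ok, $again);              // a migrated row verifies without a rewrite
```

The caller writes the returned record back to the user's row in the same request. Accounts that never log in keep their MD5 hash until they do.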
