[patch] Client-side encoding of admin logins
|Reported by:|Chris Beaven|Owned by:|Adrian Holovaty|
|Has patch:|yes|Needs documentation:|no|
|Needs tests:|no|Patch needs improvement:|no|
Currently, passwords are sent via plain text when logging in.
Even though HTTPS is the ultimate solution, it would still be far more secure for clients to be able to send a digest instead. This has been discussed in #61, but the ticket description doesn't cover this specifically.
Passwords will be upgraded to a new algorithm which uses a pseudo-random salt based on username. This way, the client can calculate the salt rather than require a challenge-response.
Rather than sending the database hash, the hash itself is hashed for extra security.
The server provides half a random salt in the login form and the client generates the other half.
The server checks first against this secure password, then falls back to the raw password.
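
The exchange described in this ticket, sketched as an added example; it is not the code from the attached patch. The hash function (SHA-256), the salt derivation, the single-use handling of the form salt and all names (`stored_hash`, `client_response`, `Server`) are assumptions, since the description does not specify them.

```python
import hashlib
import hmac
import secrets

def H(*parts):
    # SHA-256 is a stand-in: the ticket does not name the hash algorithm.
    return hashlib.sha256(":".join(parts).encode()).hexdigest()

def same(a, b):
    # Constant-time comparison of two strings.
    return hmac.compare_digest(a.encode(), b.encode())

def stored_hash(username, password):
    # Assumed derivation: the salt is a hash of the username, so a client
    # can compute it without a round trip to the server.
    return H(H("salt", username)[:16], password)

def client_response(username, password, server_half):
    # Client side: sends neither the password nor the database hash.
    client_half = secrets.token_hex(8)
    return client_half, H(server_half + client_half, stored_hash(username, password))

class Server:
    def __init__(self, users):
        self.db = {u: stored_hash(u, p) for u, p in users.items()}
        self.issued = set()

    def login_form(self):
        # Server's half of the random salt, embedded in the login form.
        half = secrets.token_hex(8)
        self.issued.add(half)
        return half

    def check(self, username, server_half, client_half, submitted):
        db_hash = self.db.get(username)
        if db_hash is None or server_half not in self.issued:
            return None
        self.issued.discard(server_half)  # assumed: each form salt is single use
        if same(H(server_half + client_half, db_hash), submitted):
            return "digest"
        # Fallback for clients that posted the raw password.
        if same(stored_hash(username, submitted), db_hash):
            return "raw"
        return None
```

`check()` recomputes the expected digest from the stored hash alone, so in this design the database hash is sufficient to log in and needs the same protection as the password itself.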