[patch] Password salt and other algorithms support
|Reported by:||Owned by:||Adrian Holovaty|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
The auth_users database table uses a field called password_md5 to hold passwords. However, if found, MD5 hashes can be broken pretty quickly with Rainbow Tables.
Could you please consider using SHA-512 encryption instead, perhaps with a varchar(128) field called "password_sha512"?
All the best,
Change History (27)
comment:7 Changed 11 years ago by
|milestone:||→ Version 1.0|
|priority:||normal → high|
|Type:||defect → enhancement|
comment:10 Changed 11 years ago by
|Summary:||Perhaps SHA-512 hashes for passwords? → Password salt and other algorithms support|
comment:14 Changed 11 years ago by
|Summary:||Password salt and other algorithms support → [patch] Password salt and other algorithms support|