Re: we need to integrate new password algorithm ASAP

Posted by Vaughan on 1205282877
the new password branch in svn uses 2 salts to hash the password with, and then the final password + 2 salts is hashed using sha256.

it's basically (broken down):

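$pass_plain = 'plaintext_password';
// $userSalt and $mainSalt are the two 64-character salts
$pass_salt = $userSalt . md5($pass_plain) . $mainSalt;
// sha256 of the salted string (PHP has no sha256() function; hash() provides it)
$final_hash = hash('sha256', $pass_salt);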



that's a very basic description.

each of the salts is 64 characters long. they are added to the pass_plain, which is md5'd before adding the salts.

then sha256 the result.

basically sha256 is now hashing a 160 character password.

i don't think that can easily be bruteforced or decrypted. lol

This Post was from: https://www.impresscms.org/iforum/viewtopic.php?topic_id=1217&post_id=11281
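
The scheme described in the post, written out in PHP as an added example (not part of the original post and not ImpressCMS code), beside PHP's built-in password_hash()/password_verify() and a rehash-on-login step that goes beyond what the post covers. The function names, the record layout and the sample salts are constructed for illustration.

```php
<?php
// Added example; function names and the $record layout are hypothetical.

// The construction from the post: sha256(userSalt . md5(password) . mainSalt).
function legacy_hash(string $plain, string $userSalt, string $mainSalt): string
{
    $salted = $userSalt . md5($plain) . $mainSalt; // 64 + 32 + 64 = 160 chars
    return hash('sha256', $salted);                // one fast hash pass
}

function legacy_verify(string $plain, string $userSalt, string $mainSalt, string $stored): bool
{
    // hash_equals() compares in constant time.
    return hash_equals($stored, legacy_hash($plain, $userSalt, $mainSalt));
}

// For comparison: password_hash() generates its own per-password salt and
// uses a deliberately slow algorithm with a tunable cost.
function modern_hash(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

// Verify a login; a record still stored under the legacy scheme is upgraded
// once the correct password has been presented. Returns null on failure.
function login(string $plain, array $record, string $mainSalt): ?array
{
    if ($record['scheme'] === 'legacy') {
        if (!legacy_verify($plain, $record['salt'], $mainSalt, $record['hash'])) {
            return null;
        }
        return ['scheme' => 'modern', 'salt' => '', 'hash' => modern_hash($plain)];
    }
    if (!password_verify($plain, $record['hash'])) {
        return null;
    }
    if (password_needs_rehash($record['hash'], PASSWORD_DEFAULT)) {
        $record['hash'] = modern_hash($plain); // cost or algorithm changed
    }
    return $record;
}

// Constructed sample data: two random 64-character salts and one user record.
$mainSalt = bin2hex(random_bytes(32)); // site-wide salt
$userSalt = bin2hex(random_bytes(32)); // per-user salt
$record = ['scheme' => 'legacy', 'salt' => $userSalt,
           'hash' => legacy_hash('plaintext_password', $userSalt, $mainSalt)];

var_dump(login('wrong_password', $record, $mainSalt));     // failed login
$upgraded = login('plaintext_password', $record, $mainSalt);
var_dump($upgraded['scheme']);                             // scheme after upgrade
var_dump(login('plaintext_password', $upgraded, $mainSalt) !== null);
```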