Re: we need to integrate new password algorithm ASAP

by Zaphod on 2008/3/11 16:46:20

Good idea. Suggest also adding a password salt to make hash cracking more difficult when users choose a weak password, as no hash algorithm can protect against dictionary attacks.

I looked into this for XOOPS a while back. I could be (badly) wrong, but it looked like a new algorithm could be substituted in directly without any large code changes. The main issue was what alternative hashes are widely shipped with PHP.

The salt could be set in the installer, and also shouldn't require many changes beyond that.
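
The substitution described in the post above, as an added example that is not part of the original post and is not XOOPS code: a stored-hash format that tags the algorithm, so legacy records still verify and are re-hashed with a salt at the next successful login. It goes beyond the post by adding a per-user salt next to the installer-set one; the function names, the `algo$salt$digest` format, the SITE_SALT value and the assumption that legacy records are bare unsalted MD5 hex digests are all hypothetical.

```php
<?php
// Added example with hypothetical names; not taken from XOOPS.
// Assumption: legacy records are bare, unsalted 32-character MD5 hex digests.

// Site-wide salt, written once by the installer (constructed sample value).
const SITE_SALT = 'constructed-sample-salt-written-by-installer';

// Algorithms accepted in stored records; both ship with PHP's hash extension.
const ALLOWED_ALGOS = ['sha256', 'sha512'];

// New record format: "algo$usersalt$hexdigest".
function hash_password(string $password, string $algo = 'sha256'): string
{
    $userSalt = bin2hex(random_bytes(8)); // fresh per-user salt
    $digest = hash($algo, SITE_SALT . $userSalt . $password);
    return $algo . '$' . $userSalt . '$' . $digest;
}

// Returns [bool $ok, ?string $upgradedRecord]. $upgradedRecord is non-null
// only when a legacy record verified and should be rewritten by the caller.
function verify_password(string $password, string $stored): array
{
    $parts = explode('$', $stored);
    if (count($parts) === 3) {
        [$algo, $userSalt, $digest] = $parts;
        if (!in_array($algo, ALLOWED_ALGOS, true)) {
            return [false, null]; // unknown tag: reject rather than guess
        }
        $candidate = hash($algo, SITE_SALT . $userSalt . $password);
        return [hash_equals($digest, $candidate), null];
    }
    // Legacy path: unsalted MD5, checked in constant time, then upgraded.
    $ok = hash_equals($stored, md5($password));
    return [$ok, $ok ? hash_password($password) : null];
}

// Two users with the same weak password (constructed sample data).
$alice = md5('letmein');
$bob   = md5('letmein');
echo 'legacy records identical: ', var_export($alice === $bob, true), "\n";

[$okA, $alice] = verify_password('letmein', $alice); // upgraded on login
[$okB, $bob]   = verify_password('letmein', $bob);
echo 'salted records identical: ', var_export($alice === $bob, true), "\n";
echo 'upgraded record verifies: ',
    var_export(verify_password('letmein', $alice)[0], true), "\n";
echo 'wrong password verifies:  ',
    var_export(verify_password('letmeout', $alice)[0], true), "\n";
```

Because every record carries its own algorithm tag, a later move to a different hash only changes the default passed to `hash_password()`; existing records keep verifying until their owners log in again.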