above review was abandoned. new review(s) at remote: https://reviews.mahara.org/854 remote: https://reviews.mahara.org/855
-- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. https://bugs.launchpad.net/bugs/843568 Title: Stored passwords with a stronger hash algorithm Status in Mahara ePortfolio: In Progress Bug description: MD5 is broken, we should switch to something better. Ideally, we should use PHP 5.3.2's crypt() function (http://nz.php.net/manual/en/function.crypt.php) with the CRYPT_BLOWFISH algorithm. Not sure what cost parameter we should use, but ideally a large number (we should do tests here). Note that bulk creation of users will be slowed down by using a slow hash. So perhaps in that case, we should use SHA256. Which means that Mahara needs to recognize 3 hash formats at least: - the existing MD5-hashed passwords - the new Blowfish ones - the new SHA256 ones To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/843568/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
