[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

David Cook changed:

What|Removed|Added
See Also||https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33114

--
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Jonathan Druart changed:

What|Removed|Added
Blocks||12367
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #97 from Robin Sheat ---
*** Bug 11013 has been marked as a duplicate of this bug. ***
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Robin Sheat changed:

What|Removed|Added
Blocks||11013
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Galen Charlton changed:

What|Removed|Added
Status|Passed QA|Pushed to Master
CC||gmcha...@gmail.com

--- Comment #96 from Galen Charlton ---
Pushed to master. Thanks, Srikanth!
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Kyle M Hall changed:

What|Removed|Added
Status|Signed Off|Passed QA
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Kyle M Hall changed:

What|Removed|Added
Attachment #21777 is obsolete|0|1

--- Comment #95 from Kyle M Hall ---
Created attachment 21796
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21796&action=edit
Bug 9611 - followup to fix POD

Small patch to make koha-qa happy. Fixes small POD error

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Kyle M Hall

All patches pass koha-qa.pl, works as advertised!
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Kyle M Hall changed:

What|Removed|Added
Attachment #21776 is obsolete|0|1

--- Comment #94 from Kyle M Hall ---
Created attachment 21795
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21795&action=edit
Bug 9611: Database update, changing password from varchar(30) to varchar(60)

This is necessary because Bcrypt hashes are longer than MD5 hashes.

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
Signed-off-by: Kyle M Hall
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Kyle M Hall changed:

What|Removed|Added
Attachment #21771 is obsolete|0|1

--- Comment #91 from Kyle M Hall ---
Created attachment 21792
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21792&action=edit
bug_9611: removed md5_base64 from imports - not used

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Kyle M Hall
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Kyle M Hall changed:

What|Removed|Added
Attachment #21775 is obsolete|0|1

--- Comment #93 from Kyle M Hall ---
Created attachment 21794
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21794&action=edit
bug_9611: use checkpw_hash() instead of md5 hash

Test:
* SIP: Have an old user and create a new user
  - use either tenet sip test or C4/SIP/interactive_patron_check_password.pl to check old userid/password
  - do the same for the new user

Signed-off-by: Bernardo Gonzalez Kriegel

Work as described
Test
1) using perl C4/SIP/interactive_patron_check_password.pl can check current (short) and new (long) passwords

Signed-off-by: Kyle M Hall
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Kyle M Hall changed:

What|Removed|Added
Attachment #21772 is obsolete|0|1

--- Comment #92 from Kyle M Hall ---
Created attachment 21793
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21793&action=edit
bug_9611: use hash_password() and checkpw_* instead of md5 hash

Test:
* LDAP:
  - Turn on LDAP auth in koha-config.xml. Set "update" in your server config to 1
  - Change user's password on LDAP
  - Login to Koha using LDAP
  - Koha password should be updated, to check
  - Turn off LDAP auth in koha-config.xml
  - You should be able to log in with the new password

I do not have a LDAP facility, so I cheated. I ran
perl -e 'use C4::Auth_with_ldap; C4::Auth_with_ldap::_do_changepassword("srdjan", 122259, "srdjan");'
and was able to change the password.

Signed-off-by: Bernardo Gonzalez Kriegel

Work as described.
Test
1) change to 1
2) copy/paste sample config from perldoc C4/Auth_with_ldap
3) using sample script was able to change password, use (userid, borrowernumber, newpass) as arguments
4) checked with OPAC and in database

Signed-off-by: Kyle M Hall
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Kyle M Hall changed:

What|Removed|Added
Attachment #21770 is obsolete|0|1

--- Comment #90 from Kyle M Hall ---
Created attachment 21791
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21791&action=edit
bug_9611: Extracted checkpw_internal() and checkpw_hash() from checkpw()

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Kyle M Hall
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Kyle M Hall changed:

What|Removed|Added
Attachment #21769 is obsolete|0|1

--- Comment #89 from Kyle M Hall ---
Created attachment 21790
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21790&action=edit
Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt

What this patch aims to accomplish?

* All new passwords are stored as Bcrypt-hashes
* For password verification:
  - If the user was created before this patch was applied then use MD5 to hash the entered password <-- backwards compatibility
  - If the user was created after this patch was applied then use Bcrypt to hash the entered password
* Any password change made via the staff interface or the OPAC will be automatically Bcrypt-hashed; this applies to old users whose passwords were stored as MD5 hashes previously

Test plan:

1) Add new users and check whether their passwords are stored as Bcrypt hashes or not.
2) To test that authentication works for both old as well as new users:
   a) Login as an existing user whose password is stored as a MD5 hash
   b) Login as an existing user whose password is stored as a Bcrypt hash
3) In the staff interface, change the password of an existing user whose password is stored as an MD5 hash
   a) Check the new password is stored as a Bcrypt-hash in the database
   b) Try to login with the new password
4) In the OPAC, verify that
   a) Old user with old pass can change password, new format
   b) New user with new pass can change password
   c) Old and new user with self-updated pass can login

Whitespace cleanup was contributed by Bernardo Gonzalez Kriegel.

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
Signed-off-by: Kyle M Hall
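The verification and upgrade behaviour that the commit message above describes, as an added Perl example that is not Koha's code. It assumes legacy values are unsalted `md5_base64` digests and a bcrypt cost of 10; the helper names (`new_bcrypt_hash`, `verify_password`, `needs_rehash`, `change_password`) and the in-memory user table are hypothetical and the sample data is constructed.

```perl
#!/usr/bin/perl
# Added illustration, not Koha's implementation. Helper names and the
# in-memory %borrowers table are hypothetical; sample data is constructed.
use strict;
use warnings;
use Digest::MD5 qw(md5_base64);
use Encode qw(encode_utf8);
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

# A complete bcrypt string: "$2a$", two-digit cost, "$", then
# 22 salt characters followed by 31 hash characters.
my $BCRYPT_RE = qr{\A\$2a\$\d{2}\$[./A-Za-z0-9]{53}\z};

# Read 16 salt bytes from the operating system's CSPRNG.
sub random_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!\n";
    my $n = read($fh, my $salt, 16);
    close $fh;
    die "short read from /dev/urandom\n" unless defined $n && $n == 16;
    return $salt;
}

# Hash a new password with bcrypt and a fresh random salt.
sub new_bcrypt_hash {
    my ($password, $cost) = @_;
    $cost //= 10;    # assumed work factor; the page does not state one
    my $settings = '$2a$' . sprintf('%02d', $cost) . '$' . en_base64(random_salt());
    return bcrypt(encode_utf8($password), $settings);
}

# Compare two strings without stopping at the first differing character.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Decide from the stored value itself which algorithm to use, so rows
# written before the change keep working next to new bcrypt rows.
sub verify_password {
    my ($password, $stored) = @_;
    return 0 unless defined $stored && length $stored;
    my $octets = encode_utf8($password);
    # Passing the stored string as the settings reuses its cost and salt.
    my $candidate = $stored =~ $BCRYPT_RE
        ? bcrypt($octets, $stored)
        : md5_base64($octets);
    return ct_eq($candidate, $stored);
}

# True for any stored value that is not a complete bcrypt string.
sub needs_rehash {
    my ($stored) = @_;
    return $stored =~ $BCRYPT_RE ? 0 : 1;
}

# Constructed sample rows: one legacy MD5 user, one user created afterwards.
my %borrowers = (
    old_user => md5_base64('legacy-pass'),
    new_user => new_bcrypt_hash('fresh-pass'),
);

# Every password change writes bcrypt, whatever format the row held before.
sub change_password {
    my ($userid, $new_password) = @_;
    $borrowers{$userid} = new_bcrypt_hash($new_password);
    return 1;
}

# Report the stored length, which is what the varchar(60) change is about.
for my $userid (sort keys %borrowers) {
    printf "%-8s stored length=%d legacy=%d\n",
        $userid, length($borrowers{$userid}), needs_rehash($borrowers{$userid});
}

die "legacy login failed\n" unless verify_password('legacy-pass', $borrowers{old_user});
die "bcrypt login failed\n" unless verify_password('fresh-pass',  $borrowers{new_user});
die "wrong password accepted\n" if verify_password('wrong-pass', $borrowers{old_user});

change_password('old_user', 'legacy-pass-2');
die "row was not upgraded\n" if needs_rehash($borrowers{old_user});
die "login after change failed\n"
    unless verify_password('legacy-pass-2', $borrowers{old_user});
die "old password still accepted\n" if verify_password('legacy-pass', $borrowers{old_user});
print "all checks passed\n";
```

Under this scheme a legacy row stays MD5 until its owner changes the password, so `needs_rehash` can also be run over the stored values to count how many accounts have not yet been upgraded.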
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Kyle M Hall changed:

What|Removed|Added
Attachment #21768 is obsolete|0|1

--- Comment #88 from Kyle M Hall ---
Created attachment 21789
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21789&action=edit
Bug 9611: add Crypt::Eksblowfish::Bcrypt to list of Perl dependencies

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
Signed-off-by: Kyle M Hall
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #78 from Katrin Fischer ---
Hm, but I messed up attaching the rebased patch, trying again.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #87 from Katrin Fischer ---
The conflict was in bug_9611: use hash_password() and checkpw_* instead of md5 hash at the very beginning. I think it was caused by this very recent change:
http://git.koha-community.org/gitweb/?p=koha.git;a=blobdiff;f=C4/Auth_with_ldap.pm;h=0efeb95dca806015fbcbc9f05e7227a9d93138a3;hp=d7a5e9a3cfe588359e2cee593b939fdd00c8900c;hb=561107bb5b348eaa14054e3470f39ff9cf080d22;hpb=7e3f8e0838584a89f3fbdce8e956880de8556d7a

Hoping it's ok :)
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #86 from Katrin Fischer ---
Created attachment 21777
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21777&action=edit
Bug 9611 - followup to fix POD

Small patch to make koha-qa happy. Fixes small POD error

Signed-off-by: Bernardo Gonzalez Kriegel
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #84 from Katrin Fischer ---
Created attachment 21775
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21775&action=edit
bug_9611: use checkpw_hash() instead of md5 hash

Test:
* SIP: Have an old user and create a new user
  - use either tenet sip test or C4/SIP/interactive_patron_check_password.pl to check old userid/password
  - do the same for the new user

Signed-off-by: Bernardo Gonzalez Kriegel

Work as described
Test
1) using perl C4/SIP/interactive_patron_check_password.pl can check current (short) and new (long) passwords
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #85 from Katrin Fischer ---
Created attachment 21776
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21776&action=edit
Bug 9611: Database update, changing password from varchar(30) to varchar(60)

This is necessary because Bcrypt hashes are longer than MD5 hashes.

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #81 from Katrin Fischer ---
Created attachment 21770
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21770&action=edit
bug_9611: Extracted checkpw_internal() and checkpw_hash() from checkpw()

Signed-off-by: Bernardo Gonzalez Kriegel
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #82 from Katrin Fischer ---
Created attachment 21771
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21771&action=edit
bug_9611: removed md5_base64 from imports - not used

Signed-off-by: Bernardo Gonzalez Kriegel
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #83 from Katrin Fischer ---
Created attachment 21772
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21772&action=edit
bug_9611: use hash_password() and checkpw_* instead of md5 hash

Test:
* LDAP:
  - Turn on LDAP auth in koha-config.xml. Set "update" in your server config to 1
  - Change user's password on LDAP
  - Login to Koha using LDAP
  - Koha password should be updated, to check
  - Turn off LDAP auth in koha-config.xml
  - You should be able to log in with the new password

I do not have a LDAP facility, so I cheated. I ran
perl -e 'use C4::Auth_with_ldap; C4::Auth_with_ldap::_do_changepassword("srdjan", 122259, "srdjan");'
and was able to change the password.

Signed-off-by: Bernardo Gonzalez Kriegel

Work as described.
Test
1) change to 1
2) copy/paste sample config from perldoc C4/Auth_with_ldap
3) using sample script was able to change password, use (userid, borrowernumber, newpass) as arguments
4) checked with OPAC and in database
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #80 from Katrin Fischer ---
Created attachment 21769
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21769&action=edit
Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt

What this patch aims to accomplish?

* All new passwords are stored as Bcrypt-hashes
* For password verification:
  - If the user was created before this patch was applied then use MD5 to hash the entered password <-- backwards compatibility
  - If the user was created after this patch was applied then use Bcrypt to hash the entered password
* Any password change made via the staff interface or the OPAC will be automatically Bcrypt-hashed; this applies to old users whose passwords were stored as MD5 hashes previously

Test plan:

1) Add new users and check whether their passwords are stored as Bcrypt hashes or not.
2) To test that authentication works for both old as well as new users:
   a) Login as an existing user whose password is stored as a MD5 hash
   b) Login as an existing user whose password is stored as a Bcrypt hash
3) In the staff interface, change the password of an existing user whose password is stored as an MD5 hash
   a) Check the new password is stored as a Bcrypt-hash in the database
   b) Try to login with the new password
4) In the OPAC, verify that
   a) Old user with old pass can change password, new format
   b) New user with new pass can change password
   c) Old and new user with self-updated pass can login

Whitespace cleanup was contributed by Bernardo Gonzalez Kriegel.

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Katrin Fischer changed:

What|Removed|Added
Attachment #21621 is obsolete|0|1
Attachment #21622 is obsolete|0|1
Attachment #21623 is obsolete|0|1
Attachment #21624 is obsolete|0|1
Attachment #21626 is obsolete|0|1
Attachment #21627 is obsolete|0|1
Attachment #21628 is obsolete|0|1
Attachment #21767 is obsolete|0|1

--- Comment #79 from Katrin Fischer ---
Created attachment 21768
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21768&action=edit
Bug 9611: add Crypt::Eksblowfish::Bcrypt to list of Perl dependencies

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Katrin Fischer changed:

What|Removed|Added
CC||katrin.fisc...@bsz-bw.de

--- Comment #77 from Katrin Fischer ---
Hi Kyle, I think I was able to fix the conflict - It was removing C4::Utils that has gone into master very recently.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Katrin Fischer changed:

What|Removed|Added
Attachment #21625 is obsolete|0|1

--- Comment #76 from Katrin Fischer ---
Created attachment 21767
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21767&action=edit
bug_9611: Extracted checkpw_internal() and checkpw_hash() from checkpw()

Signed-off-by: Bernardo Gonzalez Kriegel
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Katrin Fischer changed:

What|Removed|Added
Status|Patch doesn't apply|Signed Off
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Kyle M Hall changed:

What|Removed|Added
Status|Signed Off|Patch doesn't apply
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #75 from Srdjan Jankovic ---
That's why I prefer testing instructions in the comments rather than in the commits. Maybe the best way would be to have a separate attachment. Anyway, by popular demand:

Test plan:

1) Add new users and check whether their passwords are stored as Bcrypt hashes or not (directly on the database).
2) To test that authentication works for both old as well as new users:
   a) Login as an existing user whose password is stored as a MD5 hash
   b) Login as an existing user whose password is stored as a Bcrypt hash
3) In the staff interface, change the password of an existing user whose password is stored as an MD5 hash
   a) Check the new password is stored as a Bcrypt-hash in the database
   b) Try to login with the new password
4) In the OPAC, verify that
   a) Old user with old pass can change password, new format
   b) New user with new pass can change password
   c) Old and new user with self-updated pass can login
5) SIP: Have an old user and create a new user
   a) use either tenet sip test or C4/SIP/interactive_patron_check_password.pl to check old userid/password
   b) do the same for the new user
6) LDAP:
   - Turn on LDAP auth in koha-config.xml.
   - Set "update" in your server config to 1
   a) Change user's password on LDAP
   b) Login to Koha using LDAP - Koha password should be updated. To check turn off LDAP auth in koha-config.xml. You should be able to log in with the new password
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

What|Removed|Added
Status|Needs Signoff|Signed Off

--- Comment #74 from Bernardo Gonzalez Kriegel ---
Last comment: for QA sake, perhaps you can summarize in a comment all tests that need to be done.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #73 from Bernardo Gonzalez Kriegel ---
Created attachment 21628
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21628&action=edit
Bug 9611 - followup to fix POD

Small patch to make koha-qa happy. Fixes small POD error

Signed-off-by: Bernardo Gonzalez Kriegel
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

What|Removed|Added
Attachment #21615 is obsolete|0|1

--- Comment #72 from Bernardo Gonzalez Kriegel ---
Created attachment 21627
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21627&action=edit
[SIGNED-OFF] Bug 9611: Database update, changing password from varchar(30) to varchar(60)

This is necessary because Bcrypt hashes are longer than MD5 hashes.

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

What|Removed|Added
Attachment #21614 is obsolete|0|1

--- Comment #71 from Bernardo Gonzalez Kriegel ---
Created attachment 21626
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21626&action=edit
[SIGNED-OFF] bug_9611: use checkpw_hash() instead of md5 hash

Test:
* SIP: Have an old user and create a new user
  - use either tenet sip test or C4/SIP/interactive_patron_check_password.pl to check old userid/password
  - do the same for the new user

Signed-off-by: Bernardo Gonzalez Kriegel

Work as described
Test
1) using perl C4/SIP/interactive_patron_check_password.pl can check current (short) and new (long) passwords
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

What|Removed|Added
Attachment #20624 is obsolete|0|1

--- Comment #70 from Bernardo Gonzalez Kriegel ---
Created attachment 21625
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21625&action=edit
[SIGNED-OFF] bug_9611: use hash_password() and checkpw_* instead of md5 hash

Test:
* LDAP:
  - Turn on LDAP auth in koha-config.xml. Set "update" in your server config to 1
  - Change user's password on LDAP
  - Login to Koha using LDAP
  - Koha password should be updated, to check
  - Turn off LDAP auth in koha-config.xml
  - You should be able to log in with the new password

I do not have a LDAP facility, so I cheated. I ran
perl -e 'use C4::Auth_with_ldap; C4::Auth_with_ldap::_do_changepassword("srdjan", 122259, "srdjan");'
and was able to change the password.

Signed-off-by: Bernardo Gonzalez Kriegel

Work as described.
Test
1) change to 1
2) copy/paste sample config from perldoc C4/Auth_with_ldap
3) using sample script was able to change password, use (userid, borrowernumber, newpass) as arguments
4) checked with OPAC and in database
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

What              |Removed |Added
Attachment #20622 |0       |1
is obsolete       |        |

--- Comment #69 from Bernardo Gonzalez Kriegel ---
Created attachment 21624
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21624&action=edit
[SIGNED-OFF] bug_9611: removed md5_base64 from imports - not used

Signed-off-by: Bernardo Gonzalez Kriegel
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

What              |Removed |Added
Attachment #20578 |0       |1
is obsolete       |        |

--- Comment #67 from Bernardo Gonzalez Kriegel ---
Created attachment 21622
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21622&action=edit
[SIGNED-OFF] Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt

What this patch aims to accomplish?

* All new passwords are stored as Bcrypt-hashes
* For password verification:
  - If the user was created before this patch was applied then use
    MD5 to hash the entered password <-- backwards compatibility
  - If the user was created after this patch was applied then use
    Bcrypt to hash the entered password
* Any password change made via the staff interface or the OPAC will
  be automatically Bcrypt-hashed; this applies to old users whose
  passwords were stored as MD5 hashes previously

Test plan:

1) Add new users and check whether their passwords are stored as
   Bcrypt hashes or not.
2) To test that authentication works for both old as well as new
   users:
   a) Login as an existing user whose password is stored as an MD5 hash
   b) Login as an existing user whose password is stored as a Bcrypt hash
3) In the staff interface, change the password of an existing user
   whose password is stored as an MD5 hash
   a) Check the new password is stored as a Bcrypt-hash in the database
   b) Try to login with the new password
4) In the OPAC, verify that
   a) Old user with old pass can change password, new format
   b) New user with new pass can change password
   c) Old and new user with self-updated pass can login

Whitespace cleanup was contributed by Bernardo Gonzalez Kriegel.

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

What              |Removed |Added
Attachment #20621 |0       |1
is obsolete       |        |

--- Comment #68 from Bernardo Gonzalez Kriegel ---
Created attachment 21623
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21623&action=edit
[SIGNED-OFF] bug_9611: Extracted checkpw_internal() and checkpw_hash() from checkpw()

Signed-off-by: Bernardo Gonzalez Kriegel
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

What              |Removed |Added
Attachment #20255 |0       |1
is obsolete       |        |

--- Comment #66 from Bernardo Gonzalez Kriegel ---
Created attachment 21621
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21621&action=edit
[SIGNED-OFF] Bug 9611: add Crypt::Eksblowfish::Bcrypt to list of Perl dependencies

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #65 from Srdjan Jankovic ---
the borrowernumber.
>
> Well, not so :)
> I need to add stanza, if not
>
> perl -e 'use C4::Auth_with_ldap;
> C4::Auth_with_ldap::_do_changepassword("test", 12345, "");'
> No "ldapserver" in server hash from KOHA_CONF:
> /home/bgkriegel/kohadev/etc/koha-conf.xml at
> /home/bgkriegel/kohaclone/C4/Auth_with_ldap.pm line 57, line 522.
> Compilation failed in require at -e line 1, line 522.
> BEGIN failed--compilation aborted at -e line 1, line 522.
>

Oops, sorry about that, was some time ago, and my memory is perishable
obviously.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #64 from Bernardo Gonzalez Kriegel ---
(In reply to Srdjan Jankovic from comment #62)
> No, this script goes directly to Auth_with_ldap.pm, the purpose was to
> avoid checking the config and doing the LDAP bit so we can test password
> change only without having to connect to an LDAP server.
>
> >
> > So, perhaps I'm just doing something wrong, I don't know.
>
> No, you are doing the right thing, just please check the borrowernumber.

Well, not so :)
I need to add stanza, if not

perl -e 'use C4::Auth_with_ldap;
C4::Auth_with_ldap::_do_changepassword("test", 12345, "");'
No "ldapserver" in server hash from KOHA_CONF:
/home/bgkriegel/kohadev/etc/koha-conf.xml at
/home/bgkriegel/kohaclone/C4/Auth_with_ldap.pm line 57, line 522.
Compilation failed in require at -e line 1, line 522.
BEGIN failed--compilation aborted at -e line 1, line 522.

But my previous problem was not using correct borrowernumber, so it's ready

I'll re-upload all, with a followup to fix a small POD error
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Srdjan Jankovic changed:

What              |Removed |Added
Attachment #20254 |0       |1
is obsolete       |        |

--- Comment #63 from Srdjan Jankovic ---
Created attachment 21615
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21615&action=edit
Bug 9611: Database update, changing password from varchar(30) to varchar(60)

This is necessary because Bcrypt hashes are longer than MD5 hashes.

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #62 from Srdjan Jankovic ---
> If I feed
> perl -e 'use C4::Auth_with_ldap;
> C4::Auth_with_ldap::_do_changepassword("test", 12345, "test");'
> with current password, it returns nothing, and pass is not updated
>
> If I put a new password, last argument I suppose, then it returns
> Password mismatch after update to borrowernumber=12345 at
> /home/bgkriegel/kohaclone/C4/Auth_with_ldap.pm line 274, line 522.
> and pass is not updated
>

12345 should be the borrowernumber for the user 'test'. Is that the case?

> I enabled ldap changing to 1 1
> and just copy/paste ldap server conf from perldoc. And did this
> because the oneliner does not run if there is no configuration.

No, this script goes directly to Auth_with_ldap.pm, the purpose was to
avoid checking the config and doing the LDAP bit so we can test password
change only without having to connect to an LDAP server.

>
> So, perhaps I'm just doing something wrong, I don't know.

No, you are doing the right thing, just please check the borrowernumber.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Srdjan Jankovic changed:

What   |Removed             |Added
Status |Patch doesn't apply |Needs Signoff
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Srdjan Jankovic changed:

What              |Removed |Added
Attachment #20623 |0       |1
is obsolete       |        |

--- Comment #61 from Srdjan Jankovic ---
Created attachment 21614
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21614&action=edit
bug_9611: use checkpw_hash() instead of md5 hash

Test:
* SIP: Have an old user and create a new user
  - use either telnet sip test or
    C4/SIP/interactive_patron_check_password.pl to check old userid/password
  - do the same for the new user
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

I'm just a bot changed:

What                             |Removed       |Added
Status                           |Needs Signoff |Patch doesn't apply
CC                               |              |git...@bugs.koha-community.org
When did the bot last check this |              |2013-09-29

--- Comment #60 from I'm just a bot ---
Applying: bug_9611: use checkpw_hash() instead of md5 hash
Using index info to reconstruct a base tree...
M       C4/SIP/ILS/Patron.pm
Falling back to patching base and 3-way merge...
Auto-merging C4/SIP/ILS/Patron.pm
CONFLICT (content): Merge conflict in C4/SIP/ILS/Patron.pm
Patch failed at 0001 bug_9611: use checkpw_hash() instead of md5 hash
The copy of the patch that failed is found in:
   /home/christopher/git/koha/.git/rebase-apply/patch
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #59 from Bernardo Gonzalez Kriegel ---
(In reply to Robin Sheat from comment #58)
> (In reply to Bernardo Gonzalez Kriegel from comment #57)
> > This part of the cheat I can't replicate.
> > Could you explain a little more?
>
> What happens when you try to replicate it? It seems to me like it should
> work, though I haven't tested it myself.
>
> It's just loading the module and calling the password changing function
> directly, as a real LDAP auth process would.

If I feed
perl -e 'use C4::Auth_with_ldap;
C4::Auth_with_ldap::_do_changepassword("test", 12345, "test");'
with current password, it returns nothing, and pass is not updated

If I put a new password, last argument I suppose, then it returns
Password mismatch after update to borrowernumber=12345 at
/home/bgkriegel/kohaclone/C4/Auth_with_ldap.pm line 274, line 522.
and pass is not updated

I enabled ldap changing to 1 1
and just copy/paste ldap server conf from perldoc. And did this
because the oneliner does not run if there is no configuration.

So, perhaps I'm just doing something wrong, I don't know.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #58 from Robin Sheat ---
(In reply to Bernardo Gonzalez Kriegel from comment #57)
> This part of the cheat I can't replicate.
> Could you explain a little more?

What happens when you try to replicate it? It seems to me like it should
work, though I haven't tested it myself.

It's just loading the module and calling the password changing function
directly, as a real LDAP auth process would.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #57 from Bernardo Gonzalez Kriegel ---
(In reply to Srdjan Jankovic from comment #55)
> I do not have a LDAP facility, so I cheated. I ran
> perl -e 'use C4::Auth_with_ldap;
> C4::Auth_with_ldap::_do_changepassword("srdjan", 122259, "srdjan");'
> and was able to change the password.

This part of the cheat I can't replicate.
Could you explain a little more?
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #56 from Srdjan Jankovic ---
See also http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10781
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #55 from Srdjan Jankovic ---
Created attachment 20624
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=20624&action=edit
bug_9611: use hash_password() and checkpw_* instead of md5 hash

Test:
* LDAP:
  - Turn on LDAP auth in koha-config.xml. Set "update" in your server config to 1
  - Change user's password on LDAP
  - Login to Koha using LDAP
  - Koha password should be updated, to check
    - Turn off LDAP auth in koha-config.xml
    - You should be able to log in with the new password

I do not have a LDAP facility, so I cheated. I ran
perl -e 'use C4::Auth_with_ldap; C4::Auth_with_ldap::_do_changepassword("srdjan", 122259, "srdjan");'
and was able to change the password.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Srdjan Jankovic changed:

What   |Removed  |Added
Status |ASSIGNED |Needs Signoff
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #54 from Srdjan Jankovic ---
Created attachment 20623
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=20623&action=edit
bug_9611: use checkpw_hash() instead of md5 hash

Test:
* SIP: Have an old user and create a new user
  - use either telnet sip test or
    C4/SIP/interactive_patron_check_password.pl to check old userid/password
  - do the same for the new user
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #53 from Srdjan Jankovic ---
Created attachment 20622
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=20622&action=edit
bug_9611: removed md5_base64 from imports - not used
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #52 from Srdjan Jankovic ---
Created attachment 20621
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=20621&action=edit
bug_9611: Extracted checkpw_internal() and checkpw_hash() from checkpw()
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Srdjan Jankovic changed:

What              |Removed |Added
Attachment #20576 |0       |1
is obsolete       |        |
Attachment #20577 |0       |1
is obsolete       |        |

--- Comment #51 from Srdjan Jankovic ---
Created attachment 20578
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=20578&action=edit
Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt

What this patch aims to accomplish?

* All new passwords are stored as Bcrypt-hashes
* For password verification:
  - If the user was created before this patch was applied then use
    MD5 to hash the entered password <-- backwards compatibility
  - If the user was created after this patch was applied then use
    Bcrypt to hash the entered password
* Any password change made via the staff interface or the OPAC will
  be automatically Bcrypt-hashed; this applies to old users whose
  passwords were stored as MD5 hashes previously

Test plan:

1) Add new users and check whether their passwords are stored as
   Bcrypt hashes or not.
2) To test that authentication works for both old as well as new
   users:
   a) Login as an existing user whose password is stored as an MD5 hash
   b) Login as an existing user whose password is stored as a Bcrypt hash
3) In the staff interface, change the password of an existing user
   whose password is stored as an MD5 hash
   a) Check the new password is stored as a Bcrypt-hash in the database
   b) Try to login with the new password
4) In the OPAC, verify that
   a) Old user with old pass can change password, new format
   b) New user with new pass can change password
   c) Old and new user with self-updated pass can login

Whitespace cleanup was contributed by Bernardo Gonzalez Kriegel.

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Srdjan Jankovic changed:

What              |Removed |Added
Attachment #20253 |0       |1
is obsolete       |        |

--- Comment #50 from Srdjan Jankovic ---
Created attachment 20577
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=20577&action=edit
bug 9611: removing external dependency for password salt generator

To address packaging issues with Crypt::Random::Source, this patch
replaces the salt generation with a wrapper for /dev/urandom and
/dev/random.

The test plan for this patch is the same as that for the base patch
for bug 9611.

Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Srdjan Jankovic changed:

What              |Removed |Added
Attachment #20252 |0       |1
is obsolete       |        |

--- Comment #49 from Srdjan Jankovic ---
Created attachment 20576
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=20576&action=edit
Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt

What this patch aims to accomplish?

* All new passwords are stored as Bcrypt-hashes
* For password verification:
  - If the user was created before this patch was applied then use
    MD5 to hash the entered password <-- backwards compatibility
  - If the user was created after this patch was applied then use
    Bcrypt to hash the entered password
* Any password change made via the staff interface or the OPAC will
  be automatically Bcrypt-hashed; this applies to old users whose
  passwords were stored as MD5 hashes previously

Test plan:

1) Add new users and check whether their passwords are stored as
   Bcrypt hashes or not.
2) To test that authentication works for both old as well as new
   users:
   a) Login as an existing user whose password is stored as an MD5 hash
   b) Login as an existing user whose password is stored as a Bcrypt hash
3) In the staff interface, change the password of an existing user
   whose password is stored as an MD5 hash
   a) Check the new password is stored as a Bcrypt-hash in the database
   b) Try to login with the new password
4) In the OPAC, verify that
   a) Old user with old pass can change password, new format
   b) New user with new pass can change password
   c) Old and new user with self-updated pass can login

Whitespace cleanup was contributed by Bernardo Gonzalez Kriegel.

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Srdjan Jankovic changed:

What     |Removed            |Added
CC       |                   |srd...@catalyst.net.nz
Assignee |gmcha...@gmail.com |srd...@catalyst.net.nz
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Galen Charlton changed:

What   |Removed       |Added
Status |Needs Signoff |ASSIGNED

--- Comment #47 from Galen Charlton ---
I've squashed the patch series into a set of four that reduce the flapping
while retaining author attribution, and have signed off on them.

I am not, however, setting this bug to signed off, but to assigned. This is
because patron records using the new hash would be unable to authenticate
using SIP or ILS-DI. Note that the following files are using md5_base64
exclusively when comparing hashes:

C4/SIP/ILS/Patron.pm
C4/ILSDI/Utility.pm

Also, although of less import, C4/Auth_with_ldap.pm isn't using the new
hashing style either when caching the password.

Consequently, follow-ups are needed. I may poke at this some more this
weekend, but the field is free if anybody else wants to work on it.

I'm inclined to think that it may be time to get started on a Koha::Auth
module, if only for the initial reason of creating a home for a single
password verification routine.
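Added illustration, not Koha's code and not part of the thread: a single verification routine of the kind comment #47 asks for, following the rules in the patch description (stored Bcrypt values are checked with Bcrypt, older values with MD5, every newly set password is stored as Bcrypt). The function names echo the patch titles, but the bodies, the cost factor, `md5_only_check()` and the sample users are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example, not Koha's code: one routine that verifies both stored formats.
# Assumption: passwords are passed in as byte strings.
use strict;
use warnings;
use Digest::MD5 qw(md5_base64);
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

my $COST = 8;    # assumption: bcrypt work factor picked for this example

# 16 salt bytes read from /dev/urandom, so no extra CPAN module is needed.
sub random_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!\n";
    my $salt = '';
    my $n = read($fh, $salt, 16);
    close $fh;
    die "short read from /dev/urandom\n" unless defined $n && $n == 16;
    return $salt;
}

# New and changed passwords are always stored as bcrypt.
# "$2a$NN$" (7 chars) + 22 salt chars + 31 hash chars = 60, hence varchar(60).
sub hash_password {
    my ($password) = @_;
    my $settings = '$2a$' . sprintf('%02d', $COST) . '$' . en_base64(random_salt());
    return bcrypt($password, $settings);
}

# Decide the format from the stored value itself, not from the account's age.
sub is_bcrypt {
    my ($stored) = @_;
    return $stored =~ m!\A\$2a?\$[0-9]{2}\$[./A-Za-z0-9]{53}\z! ? 1 : 0;
}

# Compare without stopping at the first differing character.
sub same_hash {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# The one place that knows both formats.
sub checkpw_hash {
    my ($password, $stored) = @_;
    return 0 unless defined $password && defined $stored && length $stored;
    my $candidate = is_bcrypt($stored)
        ? bcrypt($password, $stored)    # cost and salt are read from the stored value
        : md5_base64($password);        # records written before the change
    return same_hash($candidate, $stored);
}

# Hypothetical caller that still compares md5_base64 only: the failure mode
# described in comment #47.
sub md5_only_check {
    my ($password, $stored) = @_;
    return md5_base64($password) eq $stored ? 1 : 0;
}

# Constructed sample data: one pre-change record, one post-change record.
my %borrowers = (
    old_user => md5_base64('old-secret'),
    new_user => hash_password('new-secret'),
);

sub report {
    my ($userid, $password) = @_;
    my $stored = $borrowers{$userid};
    printf "%-8s %-14s len=%2d bcrypt=%d checkpw_hash=%d md5_only=%d\n",
        $userid, $password, length($stored), is_bcrypt($stored),
        checkpw_hash($password, $stored), md5_only_check($password, $stored);
}

report(old_user => 'old-secret');
report(new_user => 'new-secret');
report(new_user => 'wrong-guess');

# A password change moves the old record to the new format.
$borrowers{old_user} = hash_password('changed-secret');
report(old_user => 'changed-secret');
report(old_user => 'old-secret');
```

The MD5-only caller accepts `old_user` but rejects `new_user` even with the right password, which is the SIP and ILS-DI problem raised in comment #47.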
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #48 from Galen Charlton ---
Also, just to raise the inevitable question: do we care about the portability
issues of using /dev/random and /dev/urandom?
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #44 from Galen Charlton ---
Created attachment 20253
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=20253&action=edit
bug 9611: removing external dependency for password salt generator

To address packaging issues with Crypt::Random::Source, this patch
replaces the salt generation with a wrapper for /dev/urandom and
/dev/random.

The test plan for this patch is the same as that for the base patch
for bug 9611.

Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Galen Charlton changed:

What              |Removed |Added
Attachment #15518 |0       |1
is obsolete       |        |
Attachment #15520 |0       |1
is obsolete       |        |
Attachment #15521 |0       |1
is obsolete       |        |
Attachment #15522 |0       |1
is obsolete       |        |
Attachment #17203 |0       |1
is obsolete       |        |
Attachment #17204 |0       |1
is obsolete       |        |

--- Comment #43 from Galen Charlton ---
Created attachment 20252
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=20252&action=edit
Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt

What this patch aims to accomplish?

* All new passwords are stored as Bcrypt-hashes
* For password verification:
  - If the user was created before this patch was applied then use
    MD5 to hash the entered password <-- backwards compatibility
  - If the user was created after this patch was applied then use
    Bcrypt to hash the entered password
* Any password change made via the staff interface or the OPAC will
  be automatically Bcrypt-hashed; this applies to old users whose
  passwords were stored as MD5 hashes previously

Test plan:

1) Add new users and check whether their passwords are stored as
   Bcrypt hashes or not.
2) To test that authentication works for both old as well as new
   users:
   a) Login as an existing user whose password is stored as an MD5 hash
   b) Login as an existing user whose password is stored as a Bcrypt hash
3) In the staff interface, change the password of an existing user
   whose password is stored as an MD5 hash
   a) Check the new password is stored as a Bcrypt-hash in the database
   b) Try to login with the new password
4) In the OPAC, verify that
   a) Old user with old pass can change password, new format
   b) New user with new pass can change password
   c) Old and new user with self-updated pass can login

Whitespace cleanup was contributed by Bernardo Gonzalez Kriegel.

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #46 from Galen Charlton ---
Created attachment 20255
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=20255&action=edit
Bug 9611: add Crypt::Eksblowfish::Bcrypt to list of Perl dependencies

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Galen Charlton changed:

           What    |Removed |Added
----------------------------------------
   Patch complexity|---     |Medium patch
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #45 from Galen Charlton ---
Created attachment 20254
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=20254&action=edit
Bug 9611: Database update, changing password from varchar(30) to varchar(60)

This is necessary because Bcrypt hashes are longer than MD5 hashes.

Signed-off-by: Bernardo Gonzalez Kriegel
Signed-off-by: Mason James
Signed-off-by: Galen Charlton
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Chris Hall changed:

           What    |Removed   |Added
----------------------------------------
             Status|Failed QA |Needs Signoff
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #42 from Chris Hall ---
Created attachment 17204
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=17204&action=edit
Removing external dependency for password salting

I have written a wrapper around /dev/urandom and /dev/random that will give back a specified number of bytes for salting purposes, however this can be used anytime a pseudo-random number is needed within Koha.

/dev/urandom should be sufficient for password general salting, /dev/random is more suited when higher entropy is needed (if we ever use server salts).

This patch removes the Crypt::Random::Source dependency that was mentioned in the 'Updating dependencies' patch, it may be useful to squash this patch set down but I did not do so as I didn't want to remove authorship details.

Testplan:

In current master (before applying this patch) create a new user.

Login to the koha mysql database (sudo koha-mysql instance) and run the following query:

    select userid, password from borrowers where userid='username';

The output should be something like:

    patron | vdpWxEZTtVVPhZSAq1NIMw

Apply the patch series on this bug.

Change the user's password from within koha (for testing it is fine to change it to the same password).

Run the above query again and observe the output:

    patron | $2a$08$U93rGVfvcV0YUNhJY.so3OkNL46bGBrIR3ugyskXLIJY5aMD8ENme

Notice that the new password is longer, but also that all passwords generated by this patch series should begin with '$2a$08$'.

If we change the password again in the interface to the same password and run our database query again, we should get a different value in the password field (although it will still have the '$2a$08$' prefix).

Attempt to login as the user using the password you just set.

This patch series fails if any of the following occur:

* you cannot change a password
* you cannot login
* the new passwords (viewing them from within the database) do not start with "$2a$08$"
* changing the password twice to the same value (say, "testing") results in the same password value being stored in the database

Otherwise it is a pass.
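The behaviour described in the commit message (comment #43) and in the test plan of comment #42 can be sketched as follows. This is an added example, not code from the Koha patches: all sub names are hypothetical, the legacy format is assumed to be `md5_base64` from Digest::MD5 (consistent with the 22-character sample value in the test plan), and the sample records are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_base64);
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

# Assumption: cost 8 and the "$2a$" variant, to match the '$2a$08$' prefix
# quoted in the test plan. All sub names here are hypothetical.
my $BCRYPT_PREFIX = '$2a$08$';

# Read exactly $n bytes from /dev/urandom. Dies instead of falling back to
# a weaker source when the device is missing or the read comes up short.
sub random_bytes {
    my ($n) = @_;
    open( my $fh, '<:raw', '/dev/urandom' )
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while ( length($buf) < $n ) {
        my $got = read( $fh, $buf, $n - length($buf), length($buf) );
        die "short read from /dev/urandom" unless $got;
    }
    close $fh;
    return $buf;
}

# True when the stored value has the 60-character bcrypt layout:
# prefix (7) + salt (22) + digest (31). This is why varchar(30) is too small.
sub is_bcrypt {
    my ($stored) = @_;
    return $stored =~ m{\A\$2a\$\d\d\$[./A-Za-z0-9]{53}\z} ? 1 : 0;
}

# New hashes always get a fresh 16-byte salt, so hashing the same password
# twice yields two different stored values.
sub hash_password {
    my ($password) = @_;
    return bcrypt( $password, $BCRYPT_PREFIX . en_base64( random_bytes(16) ) );
}

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ( $x, $y ) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord( substr( $x, $_, 1 ) ) ^ ord( substr( $y, $_, 1 ) )
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Pick the algorithm from the stored value's format, not from a per-user flag.
sub check_password {
    my ( $password, $stored ) = @_;
    return 0 unless defined $stored && length $stored;
    my $computed = is_bcrypt($stored)
        ? bcrypt( $password, $stored )    # cost and salt are parsed out of $stored
        : md5_base64($password);          # assumed legacy format: unsalted MD5, base64
    return constant_time_eq( $computed, $stored );
}

# Constructed sample records (not real data): one legacy row, one migrated row.
my %borrowers = (
    old_patron => md5_base64('testing'),
    new_patron => hash_password('testing'),
);

# A password change re-verifies against whichever format is stored, then
# always writes bcrypt, which is how legacy rows get upgraded.
sub change_password {
    my ( $userid, $old, $new ) = @_;
    return 0 unless check_password( $old, $borrowers{$userid} );
    $borrowers{$userid} = hash_password($new);
    return 1;
}

for my $userid ( sort keys %borrowers ) {
    printf "%-10s login=%d wrong=%d format=%s\n", $userid,
        check_password( 'testing', $borrowers{$userid} ),
        check_password( 'nope',    $borrowers{$userid} ),
        is_bcrypt( $borrowers{$userid} ) ? 'bcrypt' : 'md5';
}

# Change old_patron's password to the same value twice, as the test plan does.
change_password( 'old_patron', 'testing', 'testing' ) or die "change refused";
my $first = $borrowers{old_patron};
change_password( 'old_patron', 'testing', 'testing' ) or die "change refused";
my $second = $borrowers{old_patron};

die "not upgraded to bcrypt" unless is_bcrypt($second);
die "salt was reused"        if $first eq $second;
die "login broken"           unless check_password( 'testing', $second );
print "old_patron upgraded; two hashes of the same password differ\n";
```

Legacy rows stay as unsalted MD5 until their owner changes the password, so a query counting stored values that do not start with `$2a$` shows how much of the user base is still on the old format.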
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Chris Hall changed:

           What    |Removed |Added
----------------------------------------
  Attachment #15519|0       |1
        is obsolete|        |

--- Comment #41 from Chris Hall ---
Created attachment 17203
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=17203&action=edit
Database update, changing password from varchar(30) to varchar(60)

Attached is the second patch rebased so that it will apply cleanly against current master.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Chris Hall changed:

           What    |Removed |Added
----------------------------------------
                 CC|        |chr...@catalyst.net.nz

--- Comment #40 from Chris Hall ---
Hey Mason

http://deps.cpantesters.org/?module=Bytes::Random::Secure

Correct me if I am wrong, but a quick glance suggests we would have to package bytes::random::secure, scalar::util, Crypt::random::seed, Crypt::random::tesha2 and maybe some of their dependencies.

The closest thing I could find that was also in squeeze was crypt::openssl::random, but as this requires a decent seed (so that we get unique values). I was going to use /dev/urandom for the seed value, however this also suffices for use as a salt so I just cut out the middleman.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #39 from Mason James ---
(In reply to comment #37)
> (In reply to comment #35)
> > (In reply to comment #34)
> > > Ahh in that case I suspect we want a better random generator.
> >
> > I think so.
>
> hmm, how about Crypt::Random::TESHA2?
> it's a minimal and portable module

hmmm, Bytes::Random::Secure looks even better...

"Prior to version 0.20, a heavy dependency chain was required for reliably and securely seeding the ISAAC generator. Earlier versions required Crypt::Random::Source, which in turn required Any::Moose. Thanks to Dana Jacobsen's new Crypt::Random::Seed module, this situation has been resolved. So if you're looking for a secure random bytes solution that "just works" portably, and on Perl versions as far back as 5.6.0, you've come to the right place."

http://search.cpan.org/~davido/Bytes-Random-Secure-0.25/lib/Bytes/Random/Secure.pm
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #38 from Robin Sheat ---
> This module implements userspace voodoo entropy. You should use a proper O/S
> supplied entropy source such as /dev/random or the Win32 Crypt API.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #37 from Mason James ---
(In reply to comment #35)
> (In reply to comment #34)
> > Ahh in that case I suspect we want a better random generator.
>
> I think so.

hmm, how about Crypt::Random::TESHA2?
it's a minimal and portable module

http://search.cpan.org/~danaj/Crypt-Random-TESHA2-0.01/lib/Crypt/Random/TESHA2.pm
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #36 from Robin Sheat ---
A very perfunctory search didn't find anything suitable as a replacement. Are the problematic circumstances the sort of thing that we're likely to encounter? If so, then we'll have to find something else of course. However, there won't be too many that are very pluggable like this is.

I suppose we could be OK using a pseudo-random source for salts if push came to shove.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Jared Camins-Esakov changed:

           What    |Removed   |Added
----------------------------------------
             Status|Passed QA |Failed QA

--- Comment #35 from Jared Camins-Esakov ---
(In reply to comment #34)
> Ahh in that case I suspect we want a better random generator.

I think so.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #34 from Chris Cormack ---
Ahh in that case I suspect we want a better random generator.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #33 from Jared Camins-Esakov ---
(In reply to comment #32)
> Where did you see Any::Moose? In one of the cpan modules ?

It's required by Crypt::Random::Source.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #32 from Chris Cormack ---
Where did you see Any::Moose? In one of the cpan modules ?
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #31 from Jared Camins-Esakov ---
I have a question about the use of Any::Moose. I know in some circumstances there can be a conflict between Any::Moose and direct Moose/Mouse loads. Is that a concern here between this and the Solr code?
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #30 from Mason James ---
(In reply to comment #29)
> passing-QA on these 5 patches...

ps: sorry about the multiple attempts to upload my signed-off patches, i just worked out how to git-bz-attach a range of commits
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Mason James changed:

           What    |Removed    |Added
----------------------------------------
             Status|Signed Off |Passed QA
                 CC|           |m...@kohaaloha.com

--- Comment #29 from Mason James ---
passing-QA on these 5 patches...

i've tested these, and they work as stated.

awesome patch Srikanth, well done everyone
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #27 from Mason James ---
Created attachment 15521
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15521&action=edit
Bug 9611 - Changing the OPAC password hashing algorithm from MD5 to Bcrypt

Signed-off-by: Bernardo Gonzalez Kriegel

Comment: Works as described. No errors
Test:
1) Old user with old pass can change password, new format
2) New user with new pass can change password
3) Old and new user with self-updated pass can login

Signed-off-by: Mason James
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #26 from Mason James ---
Created attachment 15520
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15520&action=edit
Bug 9611 : Updating dependencies

Signed-off-by: Bernardo Gonzalez Kriegel

No comment.

Signed-off-by: Mason James
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #28 from Mason James ---
Created attachment 15522
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15522&action=edit
Followup Bug 9611 - Changing the password hashing algorithm

Fixes tabulations

Signed-off-by: Mason James
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #25 from Mason James ---
Created attachment 15519
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15519&action=edit
Bug 9611 : Database update, changing password from varchar(30) to varchar(60)

Signed-off-by: Bernardo Gonzalez Kriegel

Comment: Fixed small merging conflict.

Signed-off-by: Mason James
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Mason James changed:

           What    |Removed |Added
----------------------------------------
  Attachment #15517|0       |1
        is obsolete|        |

--- Comment #24 from Mason James ---
Created attachment 15518
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15518&action=edit
Bug 9611 - Changing the hashing algorithm from MD5 to Bcrypt

What this patch aims to accomplish?

* All new passwords are stored as Bcrypt-hashes
* For password verification:
  - If the user was created before this patch was applied then use MD5 to hash the entered password <-- backwards compatibility
  - If the user was created after this patch was applied then use Bcrypt to hash the entered password
* Any password change will be automatically Bcrypt-hashed, this applies to old members whose passwords were stored as MD5 hashes previously

Test plan:

1) Add new users and check whether their passwords are stored as Bcrypt hashes or not
2) To test that authentication works for both old as well as new members
   a) Login as an existing user whose password is stored as an MD5 hash
   b) Login as an existing user whose password is stored as a Bcrypt hash
3) Change the password of an existing member whose password is stored as an MD5 hash
   a) Check the new password is stored as a Bcrypt-hash in the database
   b) Try to login with the new password

Signed-off-by: Bernardo Gonzalez Kriegel

Comment: Works as described. Small tabulation errors fixed in followup.
Test with patches 1-3 applied, run updatedatabase
1) Old user can login
2) New user can login
3) User with updated password can login
4) Inspection of DB shows different password lengths

Signed-off-by: Mason James
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Mason James changed:

           What    |Removed |Added
----------------------------------------
  Attachment #15507|0       |1
        is obsolete|        |
  Attachment #15508|0       |1
        is obsolete|        |
  Attachment #15510|0       |1
        is obsolete|        |
  Attachment #15514|0       |1
        is obsolete|        |
  Attachment #15515|0       |1
        is obsolete|        |
  Attachment #15516|0       |1
        is obsolete|        |

--- Comment #23 from Mason James ---
Created attachment 15517
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15517&action=edit
Bug 9611 - Changing the hashing algorithm from MD5 to Bcrypt

What this patch aims to accomplish?

* All new passwords are stored as Bcrypt-hashes
* For password verification:
  - If the user was created before this patch was applied then use MD5 to hash the entered password <-- backwards compatibility
  - If the user was created after this patch was applied then use Bcrypt to hash the entered password
* Any password change will be automatically Bcrypt-hashed, this applies to old members whose passwords were stored as MD5 hashes previously

Test plan:

1) Add new users and check whether their passwords are stored as Bcrypt hashes or not
2) To test that authentication works for both old as well as new members
   a) Login as an existing user whose password is stored as an MD5 hash
   b) Login as an existing user whose password is stored as a Bcrypt hash
3) Change the password of an existing member whose password is stored as an MD5 hash
   a) Check the new password is stored as a Bcrypt-hash in the database
   b) Try to login with the new password

Signed-off-by: Bernardo Gonzalez Kriegel

Comment: Works as described. Small tabulation errors fixed in followup.
Test with patches 1-3 applied, run updatedatabase
1) Old user can login
2) New user can login
3) User with updated password can login
4) Inspection of DB shows different password lengths

Signed-off-by: Mason James
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #22 from Mason James ---
Created attachment 15516
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15516&action=edit
Followup Bug 9611 - Changing the password hashing algorithm

Fixes tabulations

Signed-off-by: Mason James
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Mason James changed:

           What    |Removed |Added
----------------------------------------
  Attachment #15509|0       |1
        is obsolete|        |

--- Comment #21 from Mason James ---
Created attachment 15515
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15515&action=edit
Bug 9611 : Updating dependencies

Signed-off-by: Bernardo Gonzalez Kriegel

No comment.

Signed-off-by: Mason James
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Mason James changed:

           What    |Removed |Added
----------------------------------------
  Attachment #15506|0       |1
        is obsolete|        |

--- Comment #20 from Mason James ---
Created attachment 15514
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15514&action=edit
Bug 9611 - Changing the hashing algorithm from MD5 to Bcrypt

What this patch aims to accomplish?

* All new passwords are stored as Bcrypt-hashes
* For password verification:
  - If the user was created before this patch was applied then use MD5 to hash the entered password <-- backwards compatibility
  - If the user was created after this patch was applied then use Bcrypt to hash the entered password
* Any password change will be automatically Bcrypt-hashed, this applies to old members whose passwords were stored as MD5 hashes previously

Test plan:

1) Add new users and check whether their passwords are stored as Bcrypt hashes or not
2) To test that authentication works for both old as well as new members
   a) Login as an existing user whose password is stored as an MD5 hash
   b) Login as an existing user whose password is stored as a Bcrypt hash
3) Change the password of an existing member whose password is stored as an MD5 hash
   a) Check the new password is stored as a Bcrypt-hash in the database
   b) Try to login with the new password

Signed-off-by: Bernardo Gonzalez Kriegel

Comment: Works as described. Small tabulation errors fixed in followup.
Test with patches 1-3 applied, run updatedatabase
1) Old user can login
2) New user can login
3) User with updated password can login
4) Inspection of DB shows different password lengths

Signed-off-by: Mason James
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

           What    |Removed       |Added
----------------------------------------
             Status|Needs Signoff |Signed Off
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #19 from Bernardo Gonzalez Kriegel ---
Created attachment 15510
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15510&action=edit
Followup Bug 9611 - Changing the password hashing algorithm

Fixes tabulations
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

           What    |Removed |Added
----------------------------------------
  Attachment #15505|0       |1
        is obsolete|        |

--- Comment #18 from Bernardo Gonzalez Kriegel ---
Created attachment 15509
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15509&action=edit
[SIGNED-OFF] Bug 9611 - Changing the OPAC password hashing algorithm from MD5 to Bcrypt

Signed-off-by: Bernardo Gonzalez Kriegel

Comment: Works as described. No errors
Test:
1) Old user with old pass can change password, new format
2) New user with new pass can change password
3) Old and new user with self-updated pass can login
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

           What    |Removed |Added
----------------------------------------
  Attachment #15429|0       |1
        is obsolete|        |

--- Comment #17 from Bernardo Gonzalez Kriegel ---
Created attachment 15508
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15508&action=edit
[SIGNED-OFF] Bug 9611 : Updating dependencies

Signed-off-by: Bernardo Gonzalez Kriegel

No comment.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

           What    |Removed |Added
----------------------------------------
  Attachment #15427|0       |1
        is obsolete|        |

--- Comment #16 from Bernardo Gonzalez Kriegel ---
Created attachment 15507
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15507&action=edit
[SIGNED-OFF] Bug 9611 : Database update, changing password from varchar(30) to varchar(60)

Signed-off-by: Bernardo Gonzalez Kriegel

Comment: Fixed small merging conflict.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Bernardo Gonzalez Kriegel changed:

           What    |Removed |Added
----------------------------------------
  Attachment #15311|0       |1
        is obsolete|        |

--- Comment #15 from Bernardo Gonzalez Kriegel ---
Created attachment 15506
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15506&action=edit
[SIGNED-OFF] Bug 9611 - Changing the hashing algorithm from MD5 to Bcrypt

What this patch aims to accomplish?

* All new passwords are stored as Bcrypt-hashes
* For password verification:
  - If the user was created before this patch was applied then use MD5 to hash the entered password <-- backwards compatibility
  - If the user was created after this patch was applied then use Bcrypt to hash the entered password
* Any password change will be automatically Bcrypt-hashed, this applies to old members whose passwords were stored as MD5 hashes previously

Test plan:

1) Add new users and check whether their passwords are stored as Bcrypt hashes or not
2) To test that authentication works for both old as well as new members
   a) Login as an existing user whose password is stored as an MD5 hash
   b) Login as an existing user whose password is stored as a Bcrypt hash
3) Change the password of an existing member whose password is stored as an MD5 hash
   a) Check the new password is stored as a Bcrypt-hash in the database
   b) Try to login with the new password

Signed-off-by: Bernardo Gonzalez Kriegel

Comment: Works as described. Small tabulation errors fixed in followup.
Test with patches 1-3 applied, run updatedatabase
1) Old user can login
2) New user can login
3) User with updated password can login
4) Inspection of DB shows different password lengths
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #14 from Srikanth Dhondi ---
Created attachment 15505
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15505&action=edit
Bug 9611 - Changing the OPAC password hashing algorithm from MD5 to Bcrypt
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #13 from Bernardo Gonzalez Kriegel ---
Good job!

1) All current (3) patches applied, run updatedatabase
2) Old user with old password can login
3) Old user with updated password can login
4) New user with new password can login

Login tested on OPAC and STAFF.
All works, no errors.

Pending OPAC password change.
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Chris Cormack changed:

What   |Removed   |Added
Status |Failed QA |Needs Signoff

--- Comment #12 from Chris Cormack ---
Patch to change OPAC to follow, the others can be tested though
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Chris Cormack changed:

What                          |Removed |Added
Attachment #15428 is obsolete |0       |1

--- Comment #11 from Chris Cormack ---
Created attachment 15429
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15429&action=edit
Bug 9611 : Updating dependencies
[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #10 from Chris Cormack ---
Created attachment 15428
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15428&action=edit
Bug 9611 : Updating dependencies