On 04/08/2011 09:49 PM, Thomas Goirand wrote:
> On 04/08/2011 08:14 AM, Ansgar Burchardt wrote:
>> Hi Thomas,
>>
>> I noticed you prepared a patch[1] using MySQL's PASSWORD() function.
>> Please note that this function should *not* be used by applications
>> besides MySQL itself[2] in addition to not salting the hash. The crypt
>> function included in PHP itself[3] with salting and a modern hash like
>> SHA-512 seems to be a better choice.
>>
>> Regards,
>> Ansgar
>>
>> [1] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614304#56>
>> [2]
>> <http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_password>
>> [3] <http://php.net/manual/en/function.crypt.php>
>
> Hi,
>
> Thanks for letting me know before it's too late. Indeed, I didn't know.
>
> Please let me know,
>
> Thomas Goirand (zigo)

FYI, I switched to use the SHA1 function. People that already encrypted
their passwords should ... well ... reset all passwords! :/

Thomas
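
An added example, not part of the original messages or of the package's code: it contrasts an unsalted SHA-1 hash with the salted SHA-512 form of PHP's crypt() that Ansgar's note recommends. The function names, the sample password and the rounds value are assumptions made for the illustration.

```php
<?php
// Added illustration; names and sample values are constructed, not from the patch.

// Unsalted SHA-1: the output depends on the password alone.
function hash_unsalted_sha1(string $password): string
{
    return sha1($password);
}

// Salted SHA-512 crypt (the "$6$" scheme) through PHP's crypt().
function hash_sha512_crypt(string $password, int $rounds = 5000): string
{
    // 16 random salt characters from the crypt alphabet [./0-9A-Za-z].
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < 16; $i++) {
        $salt .= $alphabet[random_int(0, 63)];
    }
    $hash = crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));
    // crypt() returns a short failure token when the scheme is unsupported.
    if (strlen($hash) < 20 || strncmp($hash, '$6$', 3) !== 0) {
        throw new RuntimeException('SHA-512 crypt is not available');
    }
    return $hash;
}

// Verification: crypt() re-reads scheme, rounds and salt from the stored hash.
function verify_sha512_crypt(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

// Unsalted: two accounts with the same password store the same value.
var_dump(hash_unsalted_sha1('correct horse') === hash_unsalted_sha1('correct horse'));

// Salted: each call draws its own salt, so the stored values differ,
// yet each one still verifies against the original password.
$first  = hash_sha512_crypt('correct horse');
$second = hash_sha512_crypt('correct horse');
var_dump($first === $second);
var_dump(verify_sha512_crypt('correct horse', $first));
var_dump(verify_sha512_crypt('wrong horse', $first));
```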