Using both Blowfish and SHA256 is not ideal as some users will have
stronger passwords than others. We probably may use Blowfish as the main
method. With regard of bulk user creation, we indeed can use SHA256 for
speed, but upon the login of such user, after SHA256 verification,
password hash wil
I like Ruslan's hash upgrade idea. We should do that.
That way Mahara will slowly migrate to better hashes for all of its
active users as they login.
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/b
The Mozilla Secure Coding Guidelines suggest an interesting migration
procedure:
https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Password_Storage
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchp
Just thought i'd link to this article I read a while ago suggesting bcrypt:
http://codahale.com/how-to-safely-store-a-password/ and a sample implementation
from Marco.org: https://gist.github.com/1053158
--
You received this bug notification because you are a member of Mahara
Contributors, whic
See
https://wiki.mahara.org/index.php/Developer_Area/Specifications_in_Development/Improve_Password_Storage
This depends on bug 890045
** Changed in: mahara
Assignee: (unassigned) => Hugh Davenport (hugh-catalyst)
** Changed in: mahara
Status: Triaged => In Progress
--
You received
https://reviews.mahara.org/852
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843568
Title:
Stored passwords with a stronger hash algorithm
Status in Mahara ePortfolio:
In Progress
Bug de
above review was abandoned. new review(s) at
remote: https://reviews.mahara.org/854
remote: https://reviews.mahara.org/855
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843568
Title:
St
** Tags removed: password
** Tags added: passwords
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843568
Title:
Stored passwords with a stronger hash algorithm
Status in Mahara ePortfolio:
** Changed in: mahara
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843568
Title:
Stored passwords with a stronger hash algorithm
Status in Mahar
** Changed in: mahara
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843568
Title:
Stored passwords with a stronger hash algorithm
Status in Maha
10 matches
Mail list logo
