Vahan Amirbekyan skrev: > VERY IMPORTANT: > > http://www.h-online.com/news/Typo3-hole-leads-to-boom-in-hash-cracking--/112644 > > > > can salt be added to the algorithm?
This is old news, and has been patched long ago. http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/ As far as I know, salt kan not be added to the Install Tool hashed password in localconf.php (I may be wrong). But the Install Tool should never be accessible after the installation of the site. For BE-users and FE-users it's possible to use salt, through a specific extension. http://typo3.org/extensions/repository/view/t3sec_saltedpw/current/ And salted MD5 password, RSA and OpenID will be part of Version 4.3 Best Erik Svendsen _______________________________________________ TYPO3-english mailing list TYPO3-english@lists.netfielders.de http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
