----- Ursprüngliche Nachricht ----- Von: Vahan Amirbekyan <vamirbek...@dgfoundation.org> Gesendet: Montag, 1. Juni 2009 05:22:14 An: typo3-english@lists.netfielders.de CC: Betreff: [TYPO3-english] Typo3 hole leads to boom in hash cracking > VERY IMPORTANT: > > http://www.h-online.com/news/Typo3-hole-leads-to-boom-in-hash-cracking--/112644 > > can salt be added to the algorithm?
Even it has nothing to do with the Backend: Some FE-Extensions send hashes by mail to validate a user. Building Extensions I add a salt at the end of this hash to avoid that random md5-hashes can validate a brutforce attacker. As salt I take the time the user filled a form. Sure, it's not impossible to hack that by brutforce but it's much more secure than typical md5 hashes I think. Regards David _______________________________________________ TYPO3-english mailing list TYPO3-english@lists.netfielders.de http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english