https://bugzilla.wikimedia.org/show_bug.cgi?id=28419
--- Comment #28 from Daniel Friesen <mediawiki-b...@nadir-seen-fire.com> 2012-03-26 08:34:42 UTC --- I started a branch for this: https://github.com/dantman/mediawiki-core/compare/master...2012%2Fpassword-hashing So far I've: - Split our crypt() and comparePassword() into a pluggable class system that can be extended and works much more sanely (you only implement the hashing function once, instead of implementing it in two spots) - Implemented a PBKDF2-HMAC password type implementation Things on the todo list: - Implement a version of the PBKDF2-HMAC which also has a secret key in it. - Make the login page understand the other types of errors that the password system can output. - Implement automatic upgrading of passwords on login. (Also make sure it's implementation doesn't conflict with auth extensions) - Adding password system tests to the phpunit test framework. - Adding some test cases to ensure that PBKDF2-HMAC conforms to the specification. https://github.com/dantman/mediawiki-core/compare/master...2012%2Fpassword-hashing -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l