https://bugzilla.wikimedia.org/show_bug.cgi?id=28419
--- Comment #34 from Tyler Romeo <tylerro...@gmail.com> 2012-03-31 02:27:04 UTC ---

There are a number of problems with that that I don't think you realize. There needs to be some way to determine what type of hash it is, and that cannot be done if the delimiter can be whatever the hell the hashing plugin wants.

Regardless, in a pluggable hashing system, it is not the hashing function's job to format the hash for storage in the database. Formatting and storage is something that should be unified and handled in a centralized manner by some sort of Password class. I cannot foresee any reason ever for MediaWiki to want to up and switch delimiters for no apparent reason. All that is needed is a central Password class that will handle all formatting and hash parsing and then pass off actual cryptography work to the respective functions.

And yes, the colon-separated format is a format WE came up with, but why in God's name would MediaWiki need to allow hashing functions to change the delimiter or storage format? There is no security advantage to using dollar signs over colons that I know of.

---

As far as the preferred/current type issue, I understand. I was just confused by the wording and took it the wrong way.

All PHP hashing functions output a binary hash (or hex). A pluggable hashing

There does need to be a way for each hashing function to tell MediaWiki that its specific configuration options have been changed and that old hashes should be updated. So here is what I suggest:

    class Password {
        public static function init();
        public static function register($name, $function, $defaultOptions);
        public static function parseHash($hash); /* Returns [[option, ...], hash] */

        public function __construct($hash = "");
        public function crypt($password);
        public function compare($password);
        public function current();
    }

init - Does all the stuff your implementation does right now.
register - Maps the name to the function and list of default options.
parseHash - Parses the hash and returns a list of options and the hash.
__construct - Makes a new class based on a hash (or not).
crypt - Passes the plaintext to the hashing function and formats the raw hash.
compare - Passes the plaintext to crypt() and compares it to the internal hash.
current - Sees if the options in the given hash match the default options.

This system allows for a) a password hashing system that makes sense and isn't confusing and b) an easy method of updating hashes. No need for a hierarchy of classes, each with its own set of functions, etc.
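
The centralized design proposed in this comment, sketched as an added PHP example (not part of the original comment and not MediaWiki's code): one class owns the stored layout and hands the cryptography to registered functions. The `:type:option...:salt:hash` layout, the salt handling, the PBKDF2 plugin and all names are assumptions; it needs PHP 7.4 or later.

```php
<?php
// Added illustration, not MediaWiki code. The ":type:option...:salt:hash"
// layout and all names are assumptions; options must not contain ':'.
final class Password {
    private static $types = [], $preferred;  // name => [callable, defaults]; type for new hashes
    private $stored, $type, $options, $salt;

    public static function register(string $name, callable $fn, array $defaults): void {
        self::$types[$name] = [$fn, array_map('strval', array_values($defaults))];
        self::$preferred = $name;  // the last registered type is used for new hashes
    }
    // Central parsing: returns [type, options, salt, hash], rejects unknown types.
    public static function parseHash(string $stored): array {
        $p = explode(':', $stored);
        if (count($p) < 4 || $p[0] !== '' || !isset(self::$types[$p[1]])) {
            throw new InvalidArgumentException('unrecognised hash format');
        }
        return [$p[1], array_slice($p, 2, -2), $p[count($p) - 2], $p[count($p) - 1]];
    }
    public function __construct(string $stored = '') {
        $this->stored = $stored;
        if ($stored !== '') {
            [$this->type, $this->options, $this->salt] = self::parseHash($stored);
        } else {
            $this->type = self::$preferred;
            $this->options = self::$types[$this->type][1];
            $this->salt = bin2hex(random_bytes(16));
        }
    }
    // The plugin returns raw bytes; encoding and layout are decided here only.
    public function crypt(string $password): string {
        $raw = (self::$types[$this->type][0])($password, $this->salt, $this->options);
        return ':' . implode(':', array_merge([$this->type], $this->options, [$this->salt, bin2hex($raw)]));
    }
    public function compare(string $password): bool {
        return $this->stored !== '' && hash_equals($this->stored, $this->crypt($password));
    }
    // False when the stored type or options differ from the configured defaults.
    public function current(): bool {
        return $this->type === self::$preferred && $this->options === self::$types[$this->type][1];
    }
}
// Hypothetical plugin: options are [algorithm, iterations]; returns 32 raw bytes.
$pbkdf2 = fn(string $pw, string $salt, array $o): string => hash_pbkdf2($o[0], $pw, $salt, (int)$o[1], 32, true);
Password::register('pbkdf2', $pbkdf2, ['sha256', 10000]);
$row = (new Password())->crypt('correct horse');  // constructed sample value
$check = new Password($row);
var_dump($check->compare('correct horse'), $check->compare('wrong'), $check->current());
Password::register('pbkdf2', $pbkdf2, ['sha256', 50000]);  // configuration raised
var_dump($check->compare('correct horse'), $check->current());  // still verifies, no longer current
```

Because verification reuses the options parsed from the stored value, an old hash keeps verifying after the defaults change, and `current()` returning false is the signal to re-hash at the next successful login.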