https://bugzilla.wikimedia.org/show_bug.cgi?id=28419

--- Comment #63 from Daniel Friesen <mediawiki-b...@nadir-seen-fire.com> 2012-08-06 05:08:09 UTC ---
(In reply to comment #61)
> I suggest we stop the cryptoparanoia competition here and finally get at least
> SHA-2 or WHIRLPOOL (since you people make such a great deal of implementing
> PBKDF2 so you can't get it done without tearing each other apart). We're still
> using MD5 right now for password storage.
> 
> I could go ahead and patch the system myself. But it looks like it has been
> done at least twice, can we finally get *something* into gerrit? Preferably in
> the small portions. If I were you, I'd start with OOP rewrite of the current
> password system without any new backends, then commit a patch with PBKDF2
> backend, etc.

The OOP rewrite is the larger task. The PBKDF2 implementation usually ends up
being done at some point along the implementation of the OOP backend as a test
case for the new features that the OOP system requires since our old backends
barely use them.

My implementation is sitting in a GitHub branch:
https://github.com/dantman/mediawiki-core/compare/master...2012/password-hashing
You can look at the branch to see the small portions that have stacked up.

It only needs password updating and proper login page errors to be complete
enough for use.
