Hi, @stephane: thanks for checking the hashing.
@othniel, valentin: YOG has rudimentary user scoring. this would be flawed without passwords. @jannis: as it is not about putting the data on a public server i would be fine with giving it to othniel or whoever manages and is willing to run the yog server (running the server can be done before transmitting the data). i would consider an SHA1-hash sufficiently strong as cracking it would yield a certain amount of criminal energy that would not be needed with plain text passwords. in the end we would need to trust the host, anyway as no matter how much salt we use the admin of the user db will be able to brute force passwords. Regards, Leo Wandersleb _______________________________________________ glob2-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/glob2-devel
