Issue #719 has been reported by Leonardo Arena.
----------------------------------------
Bug #719: Add option for algorythm selection for crypt hashes
http://tools.lsc-project.org/issues/719
Author: Leonardo Arena
Status: New
Priority: Normal
Assigned to:
Category:
Target version:
By default crypt hashes uses MD5, which is broken. With this option set by
default to "$6$" salted SHA512 is used instead.
<pre>
diff --git a/conf/config.inc.php b/conf/config.inc.php
index 1aae0f6..f78da93 100644
--- a/conf/config.inc.php
+++ b/conf/config.inc.php
@@ -59,6 +59,9 @@ $shadow_options['update_shadowLastChange'] = false;
# This option is not used with ad_mode = true
$hash = "SSHA";
+# prefix to use for salt with CRYPT
+$crypt_salt_prefix = "$6$";
+
# Local password policy
# This is applied before directory password policy
# Minimal length
diff --git a/lib/functions.inc.php b/lib/functions.inc.php
index 03e7258..1870692 100644
--- a/lib/functions.inc.php
+++ b/lib/functions.inc.php
@@ -62,7 +62,7 @@ function make_crypt_password($password) {
while( strlen( $salt ) < 2 )
$salt .= substr( $possible, ( rand() % strlen( $possible ) ), 1
);
- $hash = '{CRYPT}' . crypt( $password, $salt);
+ $hash = '{CRYPT}' . crypt( $password, $crypt_salt_prefix.$salt);
return $hash;
}
</pre>
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://tools.lsc-project.org/my/account
_______________________________________________
ltb-dev mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-dev
