Issue #719 has been updated by Clément OUDOT. Target version changed from self-service-password-? to self-service-password-0.9
---------------------------------------- Bug #719: Add option for algorythm selection for crypt hashes http://tools.lsc-project.org/issues/719 Author: Leonardo Arena Status: Assigned Priority: Normal Assigned to: Clément OUDOT Category: Self Service Password Target version: self-service-password-0.9 By default crypt hashes uses MD5, which is broken. With this option set by default to "$6$" salted SHA512 is used instead. <pre> diff --git a/conf/config.inc.php b/conf/config.inc.php index 1aae0f6..f78da93 100644 --- a/conf/config.inc.php +++ b/conf/config.inc.php @@ -59,6 +59,9 @@ $shadow_options['update_shadowLastChange'] = false; # This option is not used with ad_mode = true $hash = "SSHA"; +# prefix to use for salt with CRYPT +$crypt_salt_prefix = "$6$"; + # Local password policy # This is applied before directory password policy # Minimal length diff --git a/lib/functions.inc.php b/lib/functions.inc.php index 03e7258..1870692 100644 --- a/lib/functions.inc.php +++ b/lib/functions.inc.php @@ -62,7 +62,7 @@ function make_crypt_password($password) { while( strlen( $salt ) < 2 ) $salt .= substr( $possible, ( rand() % strlen( $possible ) ), 1 ); - $hash = '{CRYPT}' . crypt( $password, $salt); + $hash = '{CRYPT}' . crypt( $password, $crypt_salt_prefix.$salt); return $hash; } </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
