On 08.06.2012 10:40, Thomas Tanghus wrote:
On Friday 08 June 2012 10:15 Andreas Schneider wrote:
You know there is this rocket sience technology from the 70ies. It is called
salt in cryptography. I suggested several times to use salting in owncloud
but we still don't have it.
First linkedin:
http://www.h-online.com/security/news/item/LinkedIn-confirms-that-user-
passwords-were-compromised-1612554.html
then last.fm:
http://www.lastfm.de/passwordsecurity
next: your owncloud installation ...
Now I don't know much about cryptography, but I read the code, followed the
password, and to me it looks like you're spreading FUD:
This is not spreading FUD, we have to be careful here. Crypto that only
uses randoms from the same machine is not secure per definition AFAIK.
The problem is: IF somebody gets the content of the database for
whatever reason, it should be as difficult as possible to reconstruct
the passwords used as users tend to use passwords multiple.
I think we always should strive for the best possible solution in this
areas.
regards,
Klaas
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
