On Friday 04 June 2010 17:38:28, Dominique Faure wrote:
> >> I am open to ideas on how PmWiki should deal with this, while
> >> maintaining backward compatibility with existing wiki pages and already
> >> encrypted existing passwords.
> >
> > At least, a warning in the auth form?

Good idea.

> BTW, since PmWiki only deals with hashed content, why not
> systematically add some constant padding chars to passwords before
> hashing them?

Because this will break all current passwords, even those that work on something different than "less than 4 characters on PHP5.3/Win".

Md5() seems to work fine, so in the past I was thinking that we could have our function (_crypt?) test for the bug, and if crypt() appears to be broken, automatically use the md5 hash (even if it is less secure). I never had the time to work on this.

Petko