** Changed in: mahara
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843568
Title:
Stored passwords with a stronger hash algorithm
Status in Maha
** Changed in: mahara
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843568
Title:
Stored passwords with a stronger hash algorithm
Status in Mahar
** Tags removed: password
** Tags added: passwords
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843568
Title:
Stored passwords with a stronger hash algorithm
Status in Mahara ePortfolio:
above review was abandoned. new review(s) at
remote: https://reviews.mahara.org/854
remote: https://reviews.mahara.org/855
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843568
Title:
St
https://reviews.mahara.org/852
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843568
Title:
Stored passwords with a stronger hash algorithm
Status in Mahara ePortfolio:
In Progress
Bug de
See
https://wiki.mahara.org/index.php/Developer_Area/Specifications_in_Development/Improve_Password_Storage
This depends on bug 890045
** Changed in: mahara
Assignee: (unassigned) => Hugh Davenport (hugh-catalyst)
** Changed in: mahara
Status: Triaged => In Progress
--
You received
Just thought i'd link to this article I read a while ago suggesting bcrypt:
http://codahale.com/how-to-safely-store-a-password/ and a sample implementation
from Marco.org: https://gist.github.com/1053158
--
You received this bug notification because you are a member of Mahara
Contributors, whic
The Mozilla Secure Coding Guidelines suggest an interesting migration
procedure:
https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Password_Storage
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchp
I like Ruslan's hash upgrade idea. We should do that.
That way Mahara will slowly migrate to better hashes for all of its
active users as they login.
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/b
Using both Blowfish and SHA256 is not ideal as some users will have
stronger passwords than others. We probably may use Blowfish as the main
method. With regard of bulk user creation, we indeed can use SHA256 for
speed, but upon the login of such user, after SHA256 verification,
password hash wil
10 matches
Mail list logo