Forcing all users to reset their passwords would be a clean but uncomfortable migration step. Other possibilities would include keeping the old password until it is changed (which would probably be not anytime soon) or hashing the already hashed passwords again (would require more complicated code and no idea how secure this is).
Thanks for the links. The password I am talking about is indeed the one for online gaming, though we could consider only using one password for gaming and the website when we store it securely in the configuration file. Based on https://bazaar.launchpad.net/~widelands-dev/widelands-website/trunk/view/head:/wlggz/forms.py and the code of the metaserver the password seems to be protected by SHA-1 currently. >From your link, Django seems to support SHA-1 and SHA-2/SHA256 but is using an >different storage format from what we are using currently. We are simply >storing SHA1(password) while the Django-Methods are storing >"SHA1"|"salt"|sha1(password|salt) ( "|" being a string concatenation). >Wouldn't be a problem but I don't know whether there is an advantage of using >the Django methods over using hashlib directly. A short explanation: Encryption and hashing are two completely different things. With Encryption you have a secret key and can later on decrypt the encrypted message by again using the key. So no information is lost by encryption, but the encrypted data is protected against everyone not owning the secret key. With hashing, you are "compressing" your data into a byte sequence of fixed length. Naturally, information is lost this way and for cryptographic hash functions it is considered (practically) impossible to find some data which results in the same hash value. So you can calculate hash("text")=>abc but you can't do magic(abc)=>"text". Additionally, it is not feasible to find a string so hash("text1532")=>abc. Also note that there is no key involved. At least the passwords for internet gaming are stored as SHA1 hashes in the database and I guess the passwords for the forum will also be hashed. So it is not possible to extract the password the user entered from the database and hash it again with a more secure algorithm. What would be possible: The user is entering its password in plaintext when logging in (forum as well as lobby). We could use this plaintext password to update the database entry. This wouldn't help with inactive users, so we would need to run a ... hybrid ... system for quite some time. -- https://code.launchpad.net/~widelands-dev/widelands/net-pwd-security/+merge/340540 Your team Widelands Developers is subscribed to branch lp:~widelands-dev/widelands/net-pwd-security. _______________________________________________ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp
