https://bugzilla.wikimedia.org/show_bug.cgi?id=28419
--- Comment #70 from Tyler Romeo <[email protected]> 2012-08-07 13:13:03 UTC --- (In reply to comment #69) > - I've cleaned the code up some more and added some more documentation. > - Implemented password upgrading. > - Switched to the test-cases-in-implementation style. > - Separated the PBKDF2-HMAC implementation into it's own method and prepared > the system for hash_pbkdf2 to be used when released. > - Implemented login form and api handling for the new password system. > > A Gerrit branch is being created so the code will end up in the repo soon. > > The code is pretty much complete at this point. However I'm still mulling over > how to handle recursive layer password types like a PEPPER type that adds a > fixed salt not stored in the database but does it without mandating what > password type you use. Awesome! Yeah I saw the Gerrit branch yesterday. And I was thinking about that as well (the recursive layers idea). Unfortunately, to create a proper implementation of such a feature, a given layer would have to be compatible with any other type of hash. That means that each layer would either a) have to use every possible option (impossible) or b) only use things that are common to all hash types. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
