Not properly secured passwords

Started by wilk, June 27, 2016, 07:20:18 PM


wilk

Please upgrade to more recent security standards in the password processing field. MD5 is ancient and practically forgotten in modern solutions. Even SHA1 is in the past. Also, the lack of salting is terrible, not to mention the lack of iterations. Time for a BIG upgrade.

Yes, I know this is left for compatibility reasons, but this is very easy to overcome by changing the format while the user is logging in (auth & upgrade). Hashes could be kept in the same field in the DB (they would be recognizable by format).
PM me for Polish translations (new/update)
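
The "auth & upgrade" flow described in the post above, as an added example that is not part of the original thread and is not Coppermine's code. It assumes legacy values are bare unsalted MD5 hex digests and uses a hypothetical `pbkdf2_sha256$iterations$salt$hash` string as the new format stored in the same field; the iteration count and the `db` dict are also assumptions.

```python
import hashlib, hmac, os

ITERATIONS = 600_000            # assumed work factor; tune for your hardware
PREFIX = "pbkdf2_sha256"        # hypothetical format tag, not a CPG identifier

def hash_password(password, iterations=ITERATIONS):
    """New format: per-user random salt plus iterated PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{PREFIX}${iterations}${salt.hex()}${dk.hex()}"

def is_legacy(stored):
    """A bare 32-character hex string is treated as an unsalted MD5 digest."""
    return len(stored) == 32 and all(c in "0123456789abcdef" for c in stored.lower())

def verify(password, stored):
    """Check a password against either format, comparing in constant time."""
    if is_legacy(stored):
        candidate = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(candidate, stored.lower())
    try:
        prefix, iters, salt_hex, dk_hex = stored.split("$")
        if prefix != PREFIX:
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    except ValueError:          # malformed record: fail closed
        return False
    return hmac.compare_digest(dk, expected)

def needs_upgrade(stored):
    """True for legacy MD5 and for new-format hashes below the current work factor."""
    if is_legacy(stored):
        return True
    parts = stored.split("$")
    return len(parts) != 4 or parts[0] != PREFIX or int(parts[1]) < ITERATIONS

def login(db, user, password):
    """Authenticate, then rewrite the stored hash while the plaintext is available."""
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return False
    if needs_upgrade(stored):
        db[user] = hash_password(password)   # same field, new format
    return True

if __name__ == "__main__":
    db = {"alice": hashlib.md5(b"correct horse").hexdigest()}  # constructed legacy row
    print(login(db, "alice", "correct horse"), db["alice"].split("$")[:2])
```

Accounts that never log in again keep their MD5 digest, so a migration like this still leaves those rows exposed until they are reset or wrapped in the new function.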

Αndré

That feature has already been added to cpg1.6.x.

wilk

That is great news! I hope the transition won't be problematic (just an upgrade, not a full reinstallation) and plugins will mostly stay compatible.
PM me for Polish translations (new/update)