[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt

bugzilla-daemon at bugs.koha-community.org
Sat Aug 10 01:03:42 CEST 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

Galen Charlton <gmcharlt at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |ASSIGNED

--- Comment #47 from Galen Charlton <gmcharlt at gmail.com> ---
I've squashed the patch series into a set of four that reduce the flapping
while retaining author attribution, and have signed off on them.

I am not, however, setting this bug to signed off, but to assigned.  This is
because patron records using the new hash would be unable to authenticate using
SIP or ILS-DI.  Note that the following files are using md5_base64 exclusively
when comparing hashes:

C4/SIP/ILS/Patron.pm
C4/ILSDI/Utility.pm

Also, although of less import, C4/Auth_with_ldap.pm isn't using the new hashing
style either when caching the password.

Consequently, follow-ups are needed.  I may poke at this some more this
weekend, but the field is free if anybody else wants to work on it.

I'm inclined to think that it may be time to get started on a Koha::Auth
module, if only for the initial reason of creating a home for a single password
verification routine.

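A single verification routine of the kind the comment proposes, as an added example (not Koha's code and not part of the patch series): it accepts both legacy md5_base64 hashes and bcrypt hashes, and shows why an md5_base64-only comparison rejects a bcrypt record. The function names, the cost of 8 and the sample values are assumptions; it uses Digest::MD5 and Crypt::Eksblowfish::Bcrypt and expects passwords as octet strings.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_base64);
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

# Compare two strings without stopping at the first differing byte.
sub _same {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Hypothetical helper: new bcrypt hash from a password and 16 random salt octets.
sub hash_password {
    my ($password, $salt, $cost) = @_;
    return bcrypt($password, sprintf('$2a$%02d$%s', $cost // 8, en_base64($salt)));
}

# Hypothetical single entry point for every caller (OPAC, SIP, ILS-DI, LDAP cache).
# Returns (ok, needs_rehash); needs_rehash is set when a legacy MD5 hash matched.
sub verify_password {
    my ($password, $stored) = @_;
    return (0, 0) unless defined $password && defined $stored && length $stored;
    if ($stored =~ /^\$2/) {
        # bcrypt: the stored value carries its own cost and salt, so it doubles
        # as the settings string. bcrypt() dies on malformed settings: treat as no match.
        my $candidate = eval { bcrypt($password, $stored) };
        return (_same($candidate, $stored) ? 1 : 0, 0);
    }
    # Legacy format: unsalted MD5, base64-encoded.
    my $ok = _same(md5_base64($password), $stored) ? 1 : 0;
    return ($ok, $ok);
}

# Constructed sample records (not real data); the salt is fixed only to keep the demo repeatable.
my %patron = (
    legacy => md5_base64('s3cret'),
    bcrypt => hash_password('s3cret', 'constructed-salt'),    # exactly 16 octets
);
for my $kind (sort keys %patron) {
    my ($ok, $rehash) = verify_password('s3cret', $patron{$kind});
    printf "%-6s ok=%d needs_rehash=%d\n", $kind, $ok, $rehash;
}
# The md5_base64-only comparison the comment describes, applied to the bcrypt record:
printf "md5-only check on bcrypt record: %d\n", md5_base64('s3cret') eq $patron{bcrypt} ? 1 : 0;
```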