View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000687 | XMB1 | New Features | public | 2024-04-03 11:48 | 2024-04-15 04:35 |
| Reporter | flushedpancake | Assigned To | miqrogroove | ||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | closed | Resolution | duplicate | ||
| Product Version | 1.9.12.05 | ||||
| Summary | 0000687: Update passwords to use password_hash() instead of md5 | ||||
| Description | This could be a bit based on the existing forums hack by bfgadmin which uses sha256. However it would probably be more feasible to use password_hash() inbuilt php functionality which pregenerates a secure salt. The biggest thing is making sure old md5 hashes get converted to new format when logging in on new update. Testing against the numerous signup methods, existing hacks and such might take some time as well. | ||||
| Additional Information | This is probably best to be left to a new major subversion (1.9.13), rather than doing this right now, due to the amount of retooling needed. From a security standpoint though and with the current speed of which a hash can be decoded, if a DB dump ends up in the wrong hands it could spell fatality in the current state. | ||||
| Tags | No tags attached. | ||||
| MySQL Version | |||||
| PHP Version | |||||
| Web Server | |||||
| Browser | |||||
| Flags | |||||
| Original Reporter | |||||
| SVN Revision | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-04-03 11:48 | flushedpancake | New Issue | |
| 2024-04-03 18:58 | miqrogroove | Assigned To | => miqrogroove |
| 2024-04-03 18:58 | miqrogroove | Status | new => resolved |
| 2024-04-03 18:58 | miqrogroove | Resolution | open => duplicate |
| 2024-04-03 19:00 | miqrogroove | Note Added: 0000448 | |
| 2024-04-15 04:35 | miqrogroove | Status | resolved => closed |
