Open Lartza opened 9 years ago
Definitely need a more secure one. I'd recommend something like a salted sha512 or whirlpool. I might try and make a pull request.
At the current time, I'm not good enough with PHP to work that into mumpi, in a backwards or upgradeable fashion. Instead I'll leave a piece here:
```php
function randString($strLen = 64, $seed = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()')
{
    $randString = ''; // initialise the result so the first append does not hit an undefined variable
    $seed = str_split($seed); // turn the seed into an array
    shuffle($seed); // shuffle it (probably redundant)
    // array_rand() returns $strLen distinct random indexes of $seed, so $strLen must not
    // exceed the number of seed characters and no character is used twice.
    foreach (array_rand($seed, $strLen) as $key) {
        $randString .= $seed[$key]; // append the random character to the string
    }
    return $randString;
}
```
That's the function I would use to generate a salt
Yeah, I agree. There is no reason not to use a more secure hashing algorithm.
PR #59 implements a stronger PW mechanism with PHP 5.5's native methods.
When trying to find a way to add admins by letting them set their password I rummaged around the code and data a bit, and currently the admin passwords are non-salted SHA-1 hashes...
Maybe a more secure way should be implemented?
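
The "backwards or upgradeable" migration raised in this thread, sketched as an added example that is not part of the thread, the project, or PR #59: existing unsalted SHA-1 hashes are still accepted once at login and then replaced with a `password_hash()` value, which generates its own per-hash salt. The function names, the array-based `$store` and the sample account are hypothetical; `hash_equals()` requires PHP 5.6 or later.

```php
<?php
// Hypothetical helper: an unsalted SHA-1 digest is exactly 40 hex characters,
// which distinguishes it from password_hash() output (starts with '$').
function isLegacySha1($stored)
{
    return (bool) preg_match('/^[0-9a-f]{40}$/i', $stored);
}

// Verify a login against $store (username => hash) and upgrade the stored
// hash in place when it is still in the legacy format. Hypothetical API.
function verifyAndUpgrade(array &$store, $user, $password)
{
    if (!isset($store[$user])) {
        return false;
    }
    $stored = $store[$user];

    if (isLegacySha1($stored)) {
        // Constant-time comparison against the legacy digest.
        if (!hash_equals(strtolower($stored), sha1($password))) {
            return false;
        }
        // The plaintext is only available during login, so re-hash now.
        $store[$user] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Follow future changes to the default algorithm or cost.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $store[$user] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: one admin account still stored as unsalted SHA-1.
$admins = array('alice' => sha1('correct horse'));

var_dump(verifyAndUpgrade($admins, 'alice', 'wrong guess'));   // rejected, hash untouched
var_dump(isLegacySha1($admins['alice']));                      // still legacy
var_dump(verifyAndUpgrade($admins, 'alice', 'correct horse')); // accepted and upgraded
var_dump(isLegacySha1($admins['alice']));                      // no longer legacy
var_dump(verifyAndUpgrade($admins, 'alice', 'correct horse')); // verifies against new hash
```

Accounts that never log in keep their SHA-1 hash under this scheme, so a deployment would still need a cut-off after which remaining legacy hashes are invalidated and reset.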