games647 / FlexibleLogin

A Sponge minecraft server plugin for second factor authentication
https://forums.spongepowered.org/t/8872
MIT License
87 stars 23 forks

Authme Default hashAlgo - SHA256 #130

Open EverNife opened 6 years ago

EverNife commented 6 years ago

Authme default hashalgo is SHA256

So, probably, most users use it.

Can you make support for it in FlexibleLogin?

games647 commented 6 years ago

AuthMe supports BCrypt too. It's widespread (i.e. default in PHP) and provides stronger security. I don't think we should lower our standards.

EverNife commented 6 years ago

I don't think I will be able to change my 4 years old database of authme that is in SHA256 to BCrypt. (At that time, I didn't even know what "hash" was.)

I see that authme has a second check for passwords

But it will not change all passwords, just the ones that are being inserted.

games647 commented 6 years ago

> I see that authme has a second check for passwords

This is what I thought too. We could implement this too. The plugin will try to use BCrypt for hashing and if that fails it tries SHA256 too. If that works, we could migrate the hash to BCrypt. This way all joining players (existing and new) will be migrated to BCrypt.
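
The fallback-and-migrate login check proposed in the last comment, as an added example (not FlexibleLogin's or AuthMe's code). It assumes AuthMe's SHA256 records have the form `$SHA$<salt>$sha256(sha256(password) + salt)`, and it uses the standard library's scrypt as a stand-in for BCrypt so that it runs without third-party packages; all function names are hypothetical.

```python
import hashlib
import hmac
import os

def legacy_sha256(password, salt):
    # Assumed AuthMe SHA256 layout: $SHA$<salt>$sha256(sha256(password) + salt)
    inner = hashlib.sha256(password.encode()).hexdigest()
    outer = hashlib.sha256((inner + salt).encode()).hexdigest()
    return f"$SHA${salt}${outer}"

def strong_hash(password, salt=None):
    # Stand-in for BCrypt: stdlib scrypt, stored as $scrypt$<salt hex>$<key hex>
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                         maxmem=64 * 1024 * 1024, dklen=32)
    return f"$scrypt${salt.hex()}${key.hex()}"

def _same(a, b):
    # Constant-time comparison so timing does not leak how many characters match
    return hmac.compare_digest(a.encode(), b.encode())

def verify_and_migrate(stored, password):
    """Return (ok, record). record differs from stored only after a
    successful legacy check; the caller writes it back to the database."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "":
        return False, stored                      # unknown format: reject
    scheme, salt = parts[1], parts[2]
    if scheme == "scrypt":                        # already migrated
        try:
            ok = _same(strong_hash(password, bytes.fromhex(salt)), stored)
        except ValueError:                        # malformed salt field
            ok = False
        return ok, stored
    if scheme == "SHA" and _same(legacy_sha256(password, salt), stored):
        return True, strong_hash(password)        # rehash while plaintext is in hand
    return False, stored                          # wrong password or unknown scheme

if __name__ == "__main__":
    record = legacy_sha256("hunter2", "0123456789abcdef")   # constructed sample row
    ok, record = verify_and_migrate(record, "hunter2")
    print(ok, record.split("$")[1])
    print(verify_and_migrate(record, "hunter2")[0])
```

Only accounts that log in are rewritten; rows for players who never return keep their legacy hash.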