Open EverNife opened 6 years ago
AuthMe supports BCrypt too. It's widespread (i.e. default in PHP) and provides stronger security. I don't think we should lower our standards.
I don't think i will be able to change my 4 years old database of authme that is in SHA256 to BCrypt. (At that time, i didn't even know what "hash" was.
I see that authme has a second check for passwords
But will not change all passwords, just the ones that are being inserted.
I see that authme has a second check for passwords
This is what I thought too. We could implement this too. The plugin will try to use BCrypt for hashing and if that fails it tries to SHA256 too. If that works, we could migrate the hash to BCrypt. This way all joining players (existing and new) will be migrated to BCrypt.
Authme default hashalgo is
SHA256
So, probably, most users use it.
Can you make support for it in FlexibleLogin ?