Closed GoogleCodeExporter closed 9 years ago
How about using phpass (http://www.openwall.com/phpass/), the one WordPress
currently
uses?
Original comment by djclue...@gmail.com
on 2 Jul 2008 at 12:04
I don't see any real advantage of using phpass over native PHP hashing
functions with
regards to Halalan since elections usually last for only a day. Halalan would
already be offline by the time a password is cracked. However, it is worth
looking
deeper into this issue so we can further enhance the security of the system.
Original comment by waldemar...@gmail.com
on 2 Jul 2008 at 12:37
I just saw this from the CodeIgniter blog:
$dynamic_salt = microtime();
$static_salt =
'qGPBA8iCM3cUuCbBAQx3E0uOkKTrSeEUiSrAkykEk4sEniyP67Q2BTp8vtDqoqw'; //
Grabbed from file.
$password = 'password'; // Password from input form.
$hashed_password = sha1($dynamic_salt.$password.$static_salt); // Super Secure!
Maybe we can do something similar? :D
Original comment by djclue...@gmail.com
on 4 Jul 2008 at 5:25
Yes, we can do that. We can use the $config['encryption_key'] in halalan.php
as the
static salt.
Original comment by waldemar...@gmail.com
on 4 Jul 2008 at 5:36
Original comment by waldemar...@gmail.com
on 17 Mar 2009 at 6:00
Original comment by waldemar...@gmail.com
on 16 Jun 2010 at 6:58
Original comment by waldemar...@gmail.com
on 7 Feb 2011 at 8:48
Original comment by waldemar...@gmail.com
on 10 Apr 2011 at 6:34
This is already done in admin of 2.x.x. Voters will follow.
Original comment by waldemar...@gmail.com
on 11 Oct 2011 at 12:20
Original comment by daru...@gmail.com
on 16 Oct 2011 at 1:43
For review.
Now using http://php.net/password_hash.
Original issue reported on code.google.com by
waldemar...@gmail.com
on 2 Jul 2008 at 6:56