Currently the password hash salt used is unique per-instance rather than per-user. This ignores half of the usefulness of salting. Each user should have their own unique salt.
(Not even sure if this project is still alive, just something I noticed flipping through)
Currently the password hash salt used is unique per-instance rather than per-user. This ignores half of the usefulness of salting. Each user should have their own unique salt.
(Not even sure if this project is still alive, just something I noticed flipping through)