sevenmine / mod-authn-otp

Automatically exported from code.google.com/p/mod-authn-otp
Apache License 2.0

Encrypt PIN in User File #7

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
One of my considerations is that the PIN is not encrypted in the userfile.  I 
know that nobody is supposed to see this file, but it looks insecure for admins or 
people that have access to the server.

An automatic encryption using a standard method of the PIN on first use would be a 
great feature.

Original issue reported on code.google.com by martinpi...@gmail.com on 31 Jan 2011 at 3:48

GoogleCodeExporter commented 9 years ago
Agreed.  It should be a rather simple exercise to store the PIN as a secure 
one-way hash.  It could then be validated during an authentication cycle by a 
hash-and-compare.

Original comment by marcoci...@gmail.com on 14 Mar 2011 at 2:32
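
The hash-and-compare validation suggested in the comment above, combined with the upgrade-on-first-use idea from the original report, as an added Python example that is not mod-authn-otp's code. The `pbkdf2$...` field format, the function names and the iteration count are assumptions; a salted, slow KDF is used because a short PIN has a small keyspace that a fast unsalted hash would not protect.

```python
import hashlib
import hmac
import os

# Hypothetical stored-field format (not mod-authn-otp's): "pbkdf2$<iterations>$<salt hex>$<hash hex>".
# Any field without that prefix is treated as a legacy plaintext PIN.
PREFIX = "pbkdf2"
ITERATIONS = 600_000  # assumed work factor; tune to the server


def hash_pin(pin, salt=None, iterations=ITERATIONS):
    """Return the stored form of a PIN: per-user random salt plus a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)
    return f"{PREFIX}${iterations}${salt.hex()}${digest.hex()}"


def verify_pin(stored, pin):
    """Check a PIN; return (ok, new_stored).

    new_stored is not None when the record should be rewritten, i.e. a
    legacy plaintext PIN matched and is upgraded on first use.
    """
    parts = stored.split("$")
    if parts[0] == PREFIX and len(parts) == 4:
        try:
            iterations, salt = int(parts[1]), bytes.fromhex(parts[2])
            want = bytes.fromhex(parts[3])
            got = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)
        except (ValueError, OverflowError):
            return False, None  # malformed record: fail closed
        return hmac.compare_digest(got, want), None
    # Legacy plaintext field: constant-time compare, then upgrade on success.
    if hmac.compare_digest(stored.encode(), pin.encode()):
        return True, hash_pin(pin)
    return False, None


if __name__ == "__main__":
    # Constructed sample records: user -> stored PIN field.
    users = {"alice": "1234", "bob": hash_pin("1234")}
    for name in users:
        ok, upgraded = verify_pin(users[name], "1234")
        if upgraded:
            users[name] = upgraded  # persist the hashed form
        print(name, ok, users[name].split("$")[0])
```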

GoogleCodeExporter commented 9 years ago
This is now possible in version 1.1.2 by using `OTPAuthPINAuthProvider`.

Original comment by archie.c...@gmail.com on 22 Mar 2011 at 10:55