tassopsaltakis / FilOS

The Friendly Python OS
https://github.com/tassopsaltakis/FilOS/
1 stars 1 forks source link

Password security #18

Closed Rijndael1998 closed 10 months ago

Rijndael1998 commented 10 months ago

The passwords are currently only hashed. They should be salted before hashing. Small hashes are very easy to reverse. For example, in the latest commit, the hash for the superuser was: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 which is just sha256 for test. If the hash was salted, I wouldn't have been able to find it.

Rijndael1998 commented 10 months ago

This is closed by #20,