Ticket #308 (new Bug)

Opened 4 months ago

Last modified 1 month ago

Security: using md5 for password is not enough

Reported by: sannu Assigned to:
Priority: major Milestone: DigitalVibes
Component: Security Version:
Keywords: md5, password Cc:

Description

What I can see from code is that passwords are hashed with md5, but without a salt. That's not secure enough, take look at here: http://ilia.ws/archives/68-MD5-Dictionary-Attacks.html

Change History

07/21/08 02:34:54 changed by matt

  • milestone set to Stable release.

10/10/08 16:34:20 changed by matt

  • milestone changed from Stable release to DigitalVibes.

10/10/08 18:52:41 changed by matt

  • summary changed from Using md5 for password is not enough to Security: using md5 for password is not enough.