<p>Redmine - Feature #7410: Add salt to user passwords</p>
<p>Eric Thomas, 2011-01-23T18:07:32Z, https://www.redmine.org/issues/7410?journal_id=24380</p>
<p>Duplicates <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: Add Salt to Authentication (Closed)" href="https://www.redmine.org/issues/6394">#6394</a>.</p>
<p>Jean-Philippe Lang (jp_lang@yahoo.fr), 2011-02-23T17:28:14Z, https://www.redmine.org/issues/7410?journal_id=25542</p>
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Feature committed in <a class="changeset" title="Adds random salt to user passwords (#7410)." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/4936">r4936</a>.</p>
<p>Rick I, 2011-04-15T07:30:21Z, https://www.redmine.org/issues/7410?journal_id=27941</p>
<p>So now if an attacker gets hold of the database, all he has to do is remove the leading salt (since the salt is stored in the DB) and proceed with the dictionary attack. I don't see how this makes the password any more secure...</p>
<p>Rick I, 2011-04-15T07:32:01Z, https://www.redmine.org/issues/7410?journal_id=27942</p>
<p>Rick I wrote:</p>
<blockquote>
<p>So now if an attacker gets hold of the database, all he has to do is remove the leading salt (since the salt is stored in the DB) and proceed with the dictionary attack. I don't see how this makes the password any more secure...</p>
</blockquote>
<p>Edit:<br />I take it all back. I didn't see salt+password_hash is hashed again.. my bad :F</p>
<p>Go MAEDA, 2020-12-08T08:32:03Z, https://www.redmine.org/issues/7410?journal_id=100085</p>
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/8514">Defect #8514</a>: Custom Password storing break pam_mysql</i> added</li></ul>
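<p>The construction discussed in the comments above (the salt prepended to the password hash, then hashed again), as an added Ruby example that is not Redmine's own code. SHA-1, the 32-character salt, and all method names are assumptions of this sketch; the thread names none of them.</p>

```ruby
require 'digest/sha1'
require 'securerandom'

# Assumption: SHA-1 stands in for the hash function, which the thread does not name.
def hash_password(text)
  Digest::SHA1.hexdigest(text)
end

# Per-user record: a random salt plus H(salt + H(password)).
# The salt is stored in clear beside the digest, but it is mixed in
# before the outer hash, so it cannot be stripped off the stored value.
def salt_password(clear_password, salt = SecureRandom.hex(16))
  { salt: salt,
    hashed_password: hash_password(salt + hash_password(clear_password)) }
end

# Constant-time comparison of two hex digests, to avoid leaking
# how many leading characters matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Recompute the salted digest for a login attempt and compare.
def check_password?(record, candidate)
  expected = hash_password(record[:salt] + hash_password(candidate))
  secure_equal?(expected, record[:hashed_password])
end

# Constructed sample data: two users who chose the same password,
# with fixed salts so the result is reproducible.
ALICE = salt_password('correct horse', 'a' * 32)
BOB   = salt_password('correct horse', 'b' * 32)

# Same password, different salts: the stored digests differ, and neither
# equals the unsalted hash a single precomputed table would contain.
def same_stored_hash?(r1, r2)
  r1[:hashed_password] == r2[:hashed_password]
end
```

<p>Because each record carries its own salt, a guess has to be hashed once per user rather than once for the whole table, and equal passwords are no longer visible as equal digests.</p>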