Passwords encryption

Added by Igor Olemskoi (Southbridge) about 14 years ago

Is it possible to use MD5-passwords encryption instead of SHA-1? I want to use users table to authorize with pureftpd-mysql, but it doesn't support SHA-1 algorithm. Please advice how to solve this problem.

Replies (1)

RE: Passwords encryption - Added by Thomas Lecavelier about 14 years ago

Patch pureftpd-mysql ;)

Seriously, you should consider altering pureftpd-mysql instead of redmine auth-sys: md5 is known to be breakable. But if you want to take that risk (not tested at all):


Replace l.18:
require "digest/sha1"
require "digest/md5"

then l.272:
Digest::SHA1.hexdigest(clear_password || "")
Digest::MD5.hexdigest(clear_password || "")

this should do the trick, if not, look to user and auth controller, a reference to SHA1 would be easy to locate.
Of course, all your ancient account will be locked out.