View Issue Details

ID: 0004335
Project: unrealircd
Category:
View Status: public
Last Update: 2015-05-23 16:56
Reporter: syzop
Assigned To: syzop
Priority: normal
Severity: feature
Reproducibility: N/A
Status: resolved
Resolution: fixed
Product Version: 3.4-alpha1
Target Version: 3.4-alpha2
Fixed in Version: 3.4-alpha3
Summary: 0004335: Implement bcrypt password hashing method

Description:

Basically a hashing algorithm that will use XYZ rounds. That makes cracking passwords take a lot more time, making it more secure.

Note that we shouldn't use TOO many rounds, it's not like we want the IRCd to spend 100ms per /OPER attempt.. otherwise you can DoS it down with just 10 attempts per second ;)

See http://php.net/manual/en/function.password-hash.php and various other sources (I think I even made an implementation once.. I better look it up).
Tags: No tags attached.
3rd party modules:

Activities

syzop (administrator)   2014-10-25 09:39   ~0018258

Currently we only use 1 round, but it's salted. That's good, but it can be better if we use this also.

syzop (administrator)   2015-05-23 16:42   ~0018330

Added in 3.4-alpha3: https://github.com/unrealircd/unrealircd/commit/d5caf06ec56dd2cd4cf38cf5077bc2cab1838021

TODO: documentation ;)

Issue History

Date Modified      Username   Field                  Change
2014-10-25 09:37   syzop      New Issue
2014-10-25 09:39   syzop      Note Added: 0018258
2014-10-25 09:39   syzop      Description Updated
2014-10-25 09:39   syzop      Status                 new => acknowledged
2015-05-23 16:42   syzop      Note Added: 0018330
2015-05-23 16:42   syzop      Status                 acknowledged => resolved
2015-05-23 16:42   syzop      Fixed in Version       => 3.4-alpha3
2015-05-23 16:42   syzop      Resolution             open => fixed
2015-05-23 16:42   syzop      Assigned To            => syzop
2015-05-23 16:56   syzop      View Status            private => public