View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004335 | unreal | ircd | public | 2014-10-25 09:37 | 2015-05-23 16:56 |
| Reporter | syzop | Assigned To | syzop | ||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | resolved | Resolution | fixed | ||
| Product Version | 3.4-alpha1 | ||||
| Target Version | 3.4-alpha2 | Fixed in Version | 3.4-alpha3 | ||
| Summary | 0004335: Implement bcrypt password hashing method | ||||
| Description | Basically a hashing algorithm that will use XYZ rounds. That makes cracking passwords take a lot more time, making it more secure. Note that we shouldn't use TOO many rounds, it's not like we want the IRCd to spend 100ms per /OPER attempt.. otherwise you can DoS it down with just 10 attempts per second ;) See http://php.net/manual/en/function.password-hash.php and various other sources (I think I even made an implementation once.. I better look it up). | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
Currently we only use 1 round, but it's salted. That's good, but it can be better if we use this also. |
|
|
Added in 3.4-alpha3: https://github.com/unrealircd/unrealircd/commit/d5caf06ec56dd2cd4cf38cf5077bc2cab1838021 TODO: documentation ;) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-10-25 09:37 | syzop | New Issue | |
| 2014-10-25 09:39 | syzop | Note Added: 0018258 | |
| 2014-10-25 09:39 | syzop | Description Updated | |
| 2014-10-25 09:39 | syzop | Status | new => acknowledged |
| 2015-05-23 16:42 | syzop | Note Added: 0018330 | |
| 2015-05-23 16:42 | syzop | Status | acknowledged => resolved |
| 2015-05-23 16:42 | syzop | Fixed in Version | => 3.4-alpha3 |
| 2015-05-23 16:42 | syzop | Resolution | open => fixed |
| 2015-05-23 16:42 | syzop | Assigned To | => syzop |
| 2015-05-23 16:56 | syzop | View Status | private => public |
