[Rt-devel] Password storage format in RT3.6
Jesse Vincent
jesse at bestpractical.com
Tue Aug 8 12:09:22 EDT 2006
On Aug 8, 2006, at 10:49 AM, Arne Georg Gleditsch wrote:
>
> Granted, you need to be able to _read_ the password hashes from the
> database to effectively exploit this.
A patch would be much appreciated.
> Still, in any case it seems
> that the "upgrade the legacy password" code path actually reduces the
> security of the system. As things stand it could probably just as
> well be removed.
Depends who you ask. A number of sites are using RT as an
authentication source for other services and rely on the fact that
password storage is or becomes MD5.
Best,
Jesse
>
> Arne.