[Owncloud] Salt

Klaas Freitag freitag at owncloud.com
Fri Jun 8 09:11:49 UTC 2012


On 08.06.2012 10:40, Thomas Tanghus wrote:
> On Friday 08 June 2012 10:15 Andreas Schneider wrote:
>> You know there is this rocket science technology from the 70s. It is called
>> salt in cryptography. I suggested several times to use salting in owncloud
>> but we still don't have it.
>>
>> First linkedin:
>> http://www.h-online.com/security/news/item/LinkedIn-confirms-that-user-passwords-were-compromised-1612554.html
>>
>> then last.fm:
>> http://www.lastfm.de/passwordsecurity
>>
>>
>> next: your owncloud installation ...
>
> Now I don't know much about cryptography, but I read the code, followed the
> password, and to me it looks like you're spreading FUD:

This is not spreading FUD; we have to be careful here. Crypto that only
uses randoms from the same machine is not secure by definition AFAIK.

The problem is: IF somebody gets the content of the database for
whatever reason, it should be as difficult as possible to reconstruct
the passwords used, as users tend to use passwords multiple times.

I think we should always strive for the best possible solution in this
area.

regards,
Klaas
