[Owncloud] Salt
Andreas Schneider
asn at cryptomilk.org
Fri Jun 8 09:41:11 UTC 2012
On Friday 08 June 2012 10:40:57 Thomas Tanghus wrote:
> On Friday 08 June 2012 10:15 Andreas Schneider wrote:
> > You know there is this rocket science technology from the 70s. It is
> > called salt in cryptography. I suggested several times to use salting in
> > owncloud but we still don't have it.
> >
> > First LinkedIn:
> > http://www.h-online.com/security/news/item/LinkedIn-confirms-that-user-passwords-were-compromised-1612554.html
> >
> > then last.fm:
> > http://www.lastfm.de/passwordsecurity
> >
> >
> > next: your owncloud installation ...
>
> Now I don't know much about cryptography, but I read the code, followed the
> password, and to me it looks like you're spreading FUD:
>
> https://gitorious.org/owncloud/owncloud/blobs/master/3rdparty/phpass/PasswordHash.php#line208
Sorry, you're right.
$2a$08$lh85qKaF6CVi.azfbThI4.qbLZK9vw0XaLHWr616JbH...
looks like the first part is the random salt and the second is the hash, but
why isn't simply bcrypt used?
--
Andreas Schneider GPG-ID: F33E3FC6
www.cryptomilk.org asn at cryptomilk.org
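
Added example, not part of the original message and not ownCloud or phpass code: a Python parser for the `$2a$08$...` string quoted above, splitting it into the bcrypt variant tag, the cost, the 22-character salt and the digest. The string in the code is only the visible part of the value from the message (its tail is elided there), and the function and field names are assumptions of this example.

```python
import re

# bcrypt uses its own base64 alphabet, not the RFC 4648 one.
B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
SALT_CHARS = 22    # 128-bit salt, stored in the clear next to the digest
DIGEST_CHARS = 31  # 184-bit digest

_FORMAT = re.compile(r"\$(2[abxy]?)\$([0-9]{2})\$([./A-Za-z0-9]*)")

# Visible part of the value quoted in the message; the page elides the rest.
PAGE_VALUE = "$2a$08$lh85qKaF6CVi.azfbThI4.qbLZK9vw0XaLHWr616JbH"


def b64_decode(text):
    """Decode bcrypt-alphabet base64 to bytes, dropping trailing pad bits."""
    bits, nbits, out = 0, 0, bytearray()
    for ch in text:
        bits = (bits << 6) | B64.index(ch)
        nbits += 6
        if nbits >= 8:
            nbits -= 8
            out.append((bits >> nbits) & 0xFF)
    return bytes(out)


def parse_bcrypt(stored):
    """Split a bcrypt modular-crypt string into its fields."""
    m = _FORMAT.fullmatch(stored)
    if not m:
        raise ValueError("not a bcrypt modular-crypt string")
    variant, cost, payload = m.group(1), int(m.group(2)), m.group(3)
    if not 4 <= cost <= 31:
        raise ValueError("cost outside bcrypt's 4..31 range")
    if not SALT_CHARS <= len(payload) <= SALT_CHARS + DIGEST_CHARS:
        raise ValueError("payload does not fit salt + digest")
    salt, digest = payload[:SALT_CHARS], payload[SALT_CHARS:]
    return {
        "variant": variant,
        "cost": cost,
        "iterations": 1 << cost,         # key-setup rounds = 2**cost
        "salt": salt,
        "salt_bytes": b64_decode(salt),  # the 16 random bytes
        "digest": digest,
        "complete": len(digest) == DIGEST_CHARS,  # False for a truncated value
    }


if __name__ == "__main__":
    for key, value in parse_bcrypt(PAGE_VALUE).items():
        print(f"{key:11} {value!r}")
```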