Project

General

Profile

FR Other password storing/hashing techniques

Added by Nils Linde about 14 years ago

Just now, got to "problem". Tried to import my users database into redmine db, then realized, Redmine uses SH1 crypting, to store passwords. I don't know reasons for developers to use this unfrequently used algorithm, but I would suggest to add feature for administrator, i.e. at least at config files, to choose, which password crypting he prefers.
That is quite easy to implement, so main thing is support from community, to vote, if such feature is needed.
Additionally, there can be added another column to user's table, to flag, which algorithm is used, giving ability to switch crypting algorithms whenever is needed and making possible to import many different user databases, from different systems, just adding parameter, which method is used...


Replies (1)

RE: FR Other password storing/hashing techniques - Added by Holger Just about 14 years ago

SHA! is actually NOT infrequently used. It is safe today (in contrast to md5 which is considered broken) and rather fast when compared to SHA256 (and still of sufficient safety). Also, the choice of the encryption algorithm affects many other related systems, so it is not that simple to change it .

    (1-1/1)