Project

General

Profile

Passwords encryption

Added by Igor Olemskoi (Southbridge) over 16 years ago

Is it possible to use MD5-passwords encryption instead of SHA-1? I want to use users table to authorize with pureftpd-mysql, but it doesn't support SHA-1 algorithm. Please advice how to solve this problem.


Replies (1)

RE: Passwords encryption - Added by Thomas Lecavelier over 16 years ago

Patch pureftpd-mysql ;)

Seriously, you should consider altering pureftpd-mysql instead of redmine auth-sys: md5 is known to be breakable. But if you want to take that risk (not tested at all):

app/models/user.rb

Replace l.18:
require "digest/sha1"
by
require "digest/md5"

then l.272:
Digest::SHA1.hexdigest(clear_password || "")
by
Digest::MD5.hexdigest(clear_password || "")

this should do the trick, if not, look to user and auth controller, a reference to SHA1 would be easy to locate.
Of course, all your ancient account will be locked out.

    (1-1/1)