Feature #6394
Add Salt to Authentication
Status: | Closed | Start date: | 2010-09-14 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 0% | |
Category: | - | |||
Target version: | - | |||
Resolution: |
Description
The passwords in the redmine database are hashed, but a salt is not added. If a database is compromised, one could run a rainbow attack and could potentially deduce a username's password.
Related issues
History
#1
Updated by Jean-Philippe Lang almost 10 years ago
- Status changed from New to Closed
Feature committed in r4936.