Project

General

Profile

Actions
Copy link

Feature #7410

closed

Add salt to user passwords

Added by Jean-Philippe Lang almost 14 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication
Target version:
1.2.0
Start date:
2011-01-22
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

User passwords are stored as SHA1(password) which makes them vulnerable to a dictionary attack from an attacker who gets access to the database.

The change consists of generating a salt for each user and storing SHA1(salt+SHA1(password)) in the database.

Related issues

Related to Redmine - Feature #6394: Add Salt to AuthenticationClosed2010-09-14

Actions
Related to Redmine - Defect #8514: Custom Password storing break pam_mysqlClosed2011-06-03

Actions
Actions
Copy link

Also available in: Atom PDF