New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve secret q/a by using a more modern hashing method. #4993

Merged
merged 2 commits into from Sep 9, 2018

Conversation

Projects
None yet
3 participants
@jdarwood007
Member

jdarwood007 commented Sep 2, 2018

Fixes #3117 by using hash_password. We do not convert old answers as we have no way to verify them. We accept both md5 and hash_password_verify. Due to the varying lengths of the two methods, we don't need to try and figure out the length first. This doesn't attempt to convert the secret question upon successful answers.

Improve secret q/a by using a more modern hashing method.
Fixes #3117 by using hash_password.  We do not convert old answers as we have no way to verify them.  We accept both md5 and hash_password_verify.  Due to the varying lengths of the two methods, we don't need to try and figure out the length first.  This doesn't attempt to convert the secret question upon successful answers.
Show outdated Hide outdated Sources/Reminder.php
@jdarwood007

This comment has been minimized.

Show comment
Hide comment
@jdarwood007

jdarwood007 Sep 8, 2018

Member

Added a nice big comment explaining it all.

Member

jdarwood007 commented Sep 8, 2018

Added a nice big comment explaining it all.

@Sesquipedalian Sesquipedalian merged commit 1c34493 into SimpleMachines:release-2.1 Sep 9, 2018

2 checks passed

Scrutinizer 1 updated code elements
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment