Need to replace crypt with bcrypt #76

Closed
dagolden opened this issue Mar 9, 2014 · 3 comments

Comments

@dagolden
Contributor

dagolden commented Mar 9, 2014

Passwords are hashed with crypt, which is -- in this day and age -- extremely insecure.

It should be replaced with bcrypt and some sort of upgrade procedure should be put in place to auto-upgrade passwords to bcrypt hashing when users log in.

For users that don't log in regularly, we should consider whether simply to invalidate their passwords in some way that avoids a brute force attack but allows a user to recover and set a bcrypt hashed password.

@dolmen
Contributor

dolmen commented Mar 11, 2014

The password auto-upgrade should also be triggered by a CPAN upload over https.

@wolfsage
Collaborator

This is already complete and live by the looks of it?

@andk
Owner

andk commented Apr 23, 2016

Yes, thanks, closing

@andk andk closed this as completed Apr 23, 2016
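
The upgrade-on-login procedure discussed in this issue, sketched as an added example; it is not code from this project or from any commenter. It assumes Perl with the CPAN module Crypt::Eksblowfish::Bcrypt, and the cost value, the `*` lock sentinel, the helper names and the demo record are all hypothetical. The same `verify_and_upgrade` call fits any path that receives the plaintext password, such as the authenticated upload mentioned above.

```perl
use strict;
use warnings;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

my $COST = 12;    # assumed work factor; tune to the login server's hardware

# Fresh bcrypt hash with a random 16-byte salt from the OS.
sub bcrypt_hash {
    my ($password) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $salt, 16) == 16 or die "short read from urandom";
    close $fh;
    return bcrypt($password, sprintf('$2a$%02d$%s', $COST, en_base64($salt)));
}

# Compare two hash strings without stopping at the first differing byte.
sub same {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Returns (ok, new_hash). new_hash is defined only when a legacy crypt()
# hash verified and must be replaced in storage by the caller.
sub verify_and_upgrade {
    my ($password, $stored) = @_;
    # Dormant accounts: hash replaced by a sentinel that no password matches,
    # so the user has to go through password recovery (assumed convention).
    return (0, undef) if !defined $stored or $stored eq '' or $stored eq '*';
    if ($stored =~ /^\$2a\$/) {    # already bcrypt: the stored hash carries cost and salt
        return (same(bcrypt($password, $stored), $stored), undef);
    }
    my $legacy = crypt($password, $stored);    # legacy hash doubles as its own salt
    return (0, undef) unless defined $legacy and same($legacy, $stored);
    return (1, bcrypt_hash($password));
}

# Constructed demo record: the legacy hash is generated here, not real data.
my %user = (name => 'EXAMPLE', hash => crypt('correct horse', 'ab'));
my ($ok, $new) = verify_and_upgrade('correct horse', $user{hash});
$user{hash} = $new if $ok and defined $new;    # persist with the login, then drop the old hash
print "login ok=$ok, stored hash prefix: ", substr($user{hash}, 0, 7), "\n";
```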

3 participants