I agree that plain md5 hashes are not state-of-the-art anymore (..well, for quite a while). If we update our storage, however, we should guarantee backwards-compatibility.
If anyone wants to dive into this.. Code patches are welcome.. ;)
On Fri, Mar 16, 2012 at 8:59 PM, Charles Duffy charles@dyfis.net wrote:
Howdy --
I'm a bit concerned about storing password hashes unsalted -- compared to a salted hash, this makes a stolen database easier to retrieve user passwords from, dangerous if users use their passwords for other purposes as well.
Would salting (and perhaps stretching) the hashes be considered a reasonable feature to support in the future?
BaseX-Talk mailing list BaseX-Talk@mailman.uni-konstanz.de https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
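The two points raised in this thread, salted and stretched hashes plus backwards compatibility with existing unsalted MD5 records, can be combined by upgrading each record the first time its owner logs in successfully. The following is an added example, not BaseX code and not from either poster; the record format, the choice of PBKDF2-HMAC-SHA256 as the stretching function, and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SCHEME = "pbkdf2-sha256"   # hypothetical record prefix, not BaseX's storage format
ITERATIONS = 600_000       # assumed work factor; tune to your hardware


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a salted, stretched record: scheme$iterations$salt_hex$digest_hex."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def is_legacy(stored):
    """A legacy record is a bare 32-character hex MD5 digest."""
    return len(stored) == 32 and all(c in "0123456789abcdefABCDEF" for c in stored)


def verify(password, stored):
    """Check a password against either record kind.

    Returns (ok, replacement). replacement is a new salted record when the
    stored one should be rewritten (legacy MD5 or outdated iteration count),
    otherwise None.
    """
    if is_legacy(stored):
        candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
        ok = hmac.compare_digest(candidate, stored.lower())
        return ok, (hash_password(password) if ok else None)
    try:
        scheme, iters, salt_hex, digest_hex = stored.split("$")
        iters, salt, expected = int(iters), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False, None          # malformed record: fail closed
    if scheme != SCHEME or iters < 1:
        return False, None
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters)
    ok = hmac.compare_digest(digest, expected)
    return ok, (hash_password(password) if ok and iters < ITERATIONS else None)


if __name__ == "__main__":
    # Constructed sample: an unsalted MD5 record as it would sit in the old store.
    old = hashlib.md5(b"s3cret").hexdigest()
    ok, new = verify("s3cret", old)
    print(ok, new)                  # record to write back in place of the MD5 one
    print(verify("s3cret", new))    # later logins use the salted record
```

Records of users who never log in again stay as unsalted MD5 under this scheme, so a stolen database still exposes those accounts until they are upgraded or reset.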