| 1,15 → 1,4 |
|---|
| |
| RA Auth plugins: |
| - Let A1 und A2 create "crypt" compatible strings (see Wikipedia https://en.wikipedia.org/wiki/Crypt_(C)) |
| Something like $vts$algo=md5,mode=3$<salt>$<hash> |
| Attention: Radix64 is different, not Base64! |
| - Instead of having 2 database fields "salt" and "authkey", do the following: |
| (1) remove salt field and integrate the salt in the auth key field |
| (2) Make the authkey database field much bigger! |
| (3) Change plugins A1 and A2, so that they save their salt in the authkey |
| (4) Adjust OIDplusRAAuthInfo (remove salts) |
| (5) verify that getSalt() is not used anywhere |
| |
| Admin Auth: |
| - implement argon2 as alternative to bcrypt? |
| - idea: could RA-auth-plugins also be used to create the admin-hash? problem: setup/ generates hash with javascript, not via PHP!!! |