Rev 1088 | Rev 1090 | ||
---|---|---|---|
Line 1... | Line 1... | ||
1 | 1 | ||
2 | RA Auth plugins: |
- | |
3 | - Let A1 und A2 create "crypt" compatible strings (see Wikipedia https://en.wikipedia.org/wiki/Crypt_(C)) |
- | |
4 | Something like $vts$algo=md5,mode=3$<salt>$<hash> |
- | |
5 | Attention: Radix64 is different, not Base64! |
- | |
6 | - Instead of having 2 database fields "salt" and "authkey", do the following: |
- | |
7 | (1) remove salt field and integrate the salt in the auth key field |
- | |
8 | (2) Make the authkey database field much bigger! |
- | |
9 | (3) Change plugins A1 and A2, so that they save their salt in the authkey |
- | |
10 | (4) Adjust OIDplusRAAuthInfo (remove salts) |
- | |
11 | (5) verify that getSalt() is not used anywhere |
- | |
12 | - | ||
13 | Admin Auth: |
2 | Admin Auth: |
14 | - implement argon2 as alternative to bcrypt? |
3 | - implement argon2 as alternative to bcrypt? |
15 | - idea: could RA-auth-plugins also be used to create the admin-hash? problem: setup/ generates hash with javascript, not via PHP!!! |
4 | - idea: could RA-auth-plugins also be used to create the admin-hash? problem: setup/ generates hash with javascript, not via PHP!!! |
16 | - BCrypt |
5 | - BCrypt |
17 | Make #rounds and length of admin password configurable (pre-baseconfig?) |
6 | Make #rounds and length of admin password configurable (pre-baseconfig?) |
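Review bot: The removed "RA Auth plugins" entries (old lines 2-11) carry two details that should not vanish along with the TODO: the warning that crypt strings use Radix64 rather than Base64, and step (5), verifying that getSalt() is no longer used anywhere. Nothing in the visible lines shows whether the salt-into-authkey migration was completed or abandoned. If it was completed, move the Radix64 caveat into a comment next to the encoding code in plugins A1 and A2 and say in the commit message that the getSalt() check and the enlarged authkey field from step (2) are done. If it was not, keep the entries. The example format "$vts$algo=md5,mode=3$<salt>$<hash>" is also worth keeping in the plugin documentation, since stored auth keys would otherwise have no written description of their layout.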