Rev 1088 | Rev 1125 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1088 | Rev 1090 | ||
|---|---|---|---|
| Line 1... | Line 1... | ||
| 1 | 1 | ||
| 2 | RA Auth plugins: |
- | |
| 3 | - Let A1 und A2 create "crypt" compatible strings (see Wikipedia https://en.wikipedia.org/wiki/Crypt_(C)) |
- | |
| 4 | Something like $vts$algo=md5,mode=3$<salt>$<hash> |
- | |
| 5 | Attention: Radix64 is different, not Base64! |
- | |
| 6 | - Instead of having 2 database fields "salt" and "authkey", do the following: |
- | |
| 7 | (1) remove salt field and integrate the salt in the auth key field |
- | |
| 8 | (2) Make the authkey database field much bigger! |
- | |
| 9 | (3) Change plugins A1 and A2, so that they save their salt in the authkey |
- | |
| 10 | (4) Adjust OIDplusRAAuthInfo (remove salts) |
- | |
| 11 | (5) verify that getSalt() is not used anywhere |
- | |
| 12 | - | ||
| 13 | Admin Auth: |
2 | Admin Auth: |
| 14 | - implement argon2 as alternative to bcrypt? |
3 | - implement argon2 as alternative to bcrypt? |
| 15 | - idea: could RA-auth-plugins also be used to create the admin-hash? problem: setup/ generates hash with javascript, not via PHP!!! |
4 | - idea: could RA-auth-plugins also be used to create the admin-hash? problem: setup/ generates hash with javascript, not via PHP!!! |
| 16 | - BCrypt |
5 | - BCrypt |
| 17 | Make #rounds and length of admin password configurable (pre-baseconfig?) |
6 | Make #rounds and length of admin password configurable (pre-baseconfig?) |