Re: [Jamwiki-devel] Passwords with salts [was: Question about code fragment]
From: Ryan H. <rya...@gm...> - 2013-03-20 21:51:02
Hi Peter,

On 3/20/2013 2:16 PM, Peter Palmreuther wrote:
> Does anybody know the rationale behind applying a DES encryption to
> SHA-512 hash of the password with a not so secret key?

It looks to me like the extra encryption is just a remnant from the original VQWiki code that never got removed - it's there in revision 1 of Encryption.java. So long as the SHA algorithm is applied with a random salt then I think the password is sufficiently secure without the need for any additional processing.

Provided it's backwards compatible with 1.2.x (or later) and doesn't open any security holes, please feel free to make whatever cleanups you think are necessary.

Ryan
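
The scheme discussed in this message (SHA-512 with a random per-password salt, kept backwards compatible with older records), sketched as an added example; it is not JamWiki's Encryption.java and not code from the thread. The class name, the `salt$hash` storage format and the `legacyCheck` hook are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.function.BiPredicate;

public class SaltedPasswordExample {
    private static final SecureRandom RNG = new SecureRandom();

    // SHA-512 over salt || UTF-8 password, a single pass as the thread describes.
    static byte[] digest(byte[] salt, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        md.update(salt);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Stored form (constructed for this example): base64(salt) + "$" + base64(hash).
    // "$" is not in the base64 alphabet, so it cannot appear inside either field.
    static String hash(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt); // new random salt for every password
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + "$" + enc.encodeToString(digest(salt, password));
    }

    // Records without "$" are treated as pre-salt records and handed to the
    // hypothetical legacy check, so existing accounts keep working; a caller
    // would re-hash such a record with hash() after a successful login.
    static boolean verify(String password, String stored,
                          BiPredicate<String, String> legacyCheck) throws NoSuchAlgorithmException {
        int sep = stored.indexOf('$');
        if (sep < 0) {
            return legacyCheck.test(password, stored);
        }
        try {
            byte[] salt = Base64.getDecoder().decode(stored.substring(0, sep));
            byte[] expected = Base64.getDecoder().decode(stored.substring(sep + 1));
            // MessageDigest.isEqual compares in constant time.
            return MessageDigest.isEqual(expected, digest(salt, password));
        } catch (IllegalArgumentException malformed) {
            return false; // corrupt record: reject rather than throw
        }
    }

    public static void main(String[] args) throws Exception {
        String stored = hash("correct horse"); // constructed sample password
        BiPredicate<String, String> legacy = (pw, rec) -> false; // stand-in for the old check
        System.out.println(verify("correct horse", stored, legacy));
        System.out.println(verify("wrong guess", stored, legacy));
        // Hashing the same password again gives a different record (own salt).
        System.out.println(hash("correct horse").equals(stored));
    }
}
```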