omfgppc - 2008-02-25

cryan wrote: The general availability and rather simple way of working around the protection is something we have been thinking about for a while now. When this functionality was originally implemented, the source code was not available for general consumption. I have considered being able to somehow configure the hash value used, but the problem is that, with the code as available as it is, any changes made would be just as easy to determine the hash's value regardless. In addition, to further complicate matters, every time the hash changes, all users using enhanced authentication would need to have their passwords reset, using the new hash value, in order for them to continue to be able to log in. This of course proves to be a major problem.