Replace SHA1 hashing with something more secure

Brought to you by: cito, florentaide, mramm, pedersen, percious

#94 Replace SHA1 hashing with something more secure

Milestone: 2.1.2

Status: closed

Owner: nobody

Labels: security (1)

Repository: core

Type: defect

Severity: trivial

Component: core

Version: 2.1.0

Updated: 2011-07-04

Created: 2011-04-25

Creator: Christoph Zwerschke

Private: No

By default, TG 2.1 uses SHA1 to encrypt passwords, which has been broken already 6 years ago (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), and using a general purpose hash function for storing passwords is not a good idea anyway (http://codahale.com/how-to-safely-store-a-password/). We should replace it with something better in 2.2.

Replace SHA1 hashing with something more secure

Version

Milestone

Searches

Help

#94 Replace SHA1 hashing with something more secure

Discussion