    • Embrance, Jan 5th 2008
    Let's make a topic to discuss aspects of the whole new FP. First, I saw this on the live stats site:
    "finally moved from simple md5 to salted wp_hash ; please remember to REINSTALL and OVERWRITE your old user in order to be able to login !"

    What would the difference be? Are the passwords no longer MD5? Why is that? Maybe due to the fact that half of the net had like terabytes of hacked md5 passes?
    • NoWhereMan, Jan 5th 2008 (edited)
    "What would the difference be? Are the passwords no longer MD5?"

    It depends; it uses a different hashing algorithm, if available

    "Maybe due to the fact that half of the net had like terabytes of hacked md5 passes?"

    I'll assume you don't know what a rainbow table is.

    http://en.wikipedia.org/wiki/MD5#Vulnerability

    http://en.wikipedia.org/wiki/Rainbow_table

    Embrance, I don't understand if you're just kidding, or you're really annoyed by this. Is more security so unworthy of a two-step reinstall?

    Even though you might think that it is not likely that someone is going to crack your blog, well, the ostrich algorithm is not always the way to go, especially in computer security.

    Bye
    • Embrance, Jan 5th 2008
    First, I'm neither kidding nor annoyed. I'm just asking. I know what a rainbow table is, and that's why I asked. Currently, if someone can get the MD5 hash from the users folder, he could search the net and probably find the password behind the hash. So, the question is, will the new way of storing passwords be safer than simple MD5?
    • NoWhereMan, Jan 5th 2008 (edited)
    I hope it will :)

    Sorry, I misinterpreted the part about the "terabytes" of cracked hashes in your comment.

    Bye
    • NoWhereMan, Feb 20th 2008 (edited)
    with this last commit (rev73) you might have yet again to reinstall: I've flattened the choice to salted md5 only, as having another choice made transfers from one server to another difficult (say server A has the hash function while target B doesn't: you can't log in anymore)

    you might have to reinstall

    also, I had weird issues on my server when upgrading with SESSIONS... I was very puzzled, accessibleantispam didn't work anymore o.O I've disabled it for now, the strange thing is that another installation on the same server does work.

    for the long term I'm thinking about dropping sessions, they're not very reliable...

    please help me test! SVN is still a bit buggy and I need help!! :)

    bye
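
Added example (not the project's code and not part of the thread): a Python sketch of the two points discussed above, why a salted hash no longer matches a precomputed table of plain MD5 digests, and why picking the algorithm per server breaks logins after a move. The HMAC construction, the `sha256` alternative, the sample salt and passwords, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for a precomputed table of unsalted MD5 digests.
PRECOMPUTED = {hashlib.md5(p.encode()).hexdigest(): p
               for p in ("123456", "password", "letmein")}


def plain_md5(password):
    """'Simple md5': the digest depends on the password alone."""
    return hashlib.md5(password.encode()).hexdigest()


def pick_algo(available):
    """Hypothetical 'use another algorithm if available' rule; sha256 is an assumption."""
    return "sha256" if "sha256" in available else "md5"


def salted_hash(password, salt, available=("md5",)):
    """Keyed hash (HMAC) under a per-installation salt, with the algorithm
    chosen from what this server offers. The default models 'salted md5 only'."""
    return hmac.new(salt, password.encode(), pick_algo(available)).hexdigest()


def verify(password, stored, salt, available=("md5",)):
    """Recompute on the current server and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt, available), stored)


def in_table(digest):
    """True if the precomputed table of unsalted digests contains this value."""
    return digest in PRECOMPUTED


if __name__ == "__main__":
    salt = b"constructed-install-salt"  # constructed; a real salt is random per install
    print("plain md5 found in table: ", in_table(plain_md5("letmein")))
    print("salted md5 found in table:", in_table(salted_hash("letmein", salt)))
    # Server A offers sha256, server B does not: the copied user record stops verifying.
    stored_on_a = salted_hash("letmein", salt, available=("md5", "sha256"))
    print("login on B after move:    ", verify("letmein", stored_on_a, salt))
    # With salted md5 on both servers the same record verifies everywhere.
    print("salted md5 only, on B:    ", verify("letmein", salted_hash("letmein", salt), salt))
```

The salt only removes the value of tables computed in advance; MD5 itself stays fast, so a weak password behind a salted MD5 hash can still be guessed once the hash and salt are known.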