EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #01711


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

[EP-tech] Re: Password Encryption


Yes but cryptographically that is not the whole picture. It's using a random salt (for rainbow and dictionary attacks) and what looks like a variant of the 'expensive key schedule' used in EksBlowfish (for brute force attacks). I’m sure it could be characterised in greater detail but I’m not an expert on these matters!

 

Mark

 

Mark Gregson | Applications and Development Team Leader
Library eServices | Queensland University of Technology
Level 3 | R Block | Kelvin Grove Campus | GPO Box 2434 | Brisbane 4001
Phone: +61 7 3138 3782 | Web:
http://eprints.qut.edu.au/
ABN: 83 791 724 622
CRICOS No: 00213J

 

 

 

-----Original Message-----
From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Dimitrakakis Georgios
Sent: Wednesday, 13 March 2013 12:12 AM
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] Re: Password Encryption

 

So if I understand correctly it encrypts the passwords using the

SHA512 algorith, right?

 

G.

 

> Dimitrakakis Georgios wrote:

>> Could someone point me to the right place in order to find the way in

>> which user passwords are encrypted in the database using EPrints?

> 

> look at EPrints::Utils::crypt()

> https://github.com/eprints/eprints/blob/master/perl_lib/EPrints/Utils.

> pm#L953

> 

> ciao

> 

> --

> raffaele

> *** Options:

> http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech

> *** Archive: http://www.eprints.org/tech.php/

> *** EPrints community wiki: http://wiki.eprints.org/

> 

 

----------------------------------------------------------------

This message was sent using IMP, the Internet Messaging Program.

 

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech

*** Archive: http://www.eprints.org/tech.php/

*** EPrints community wiki: http://wiki.eprints.org/