EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #01711
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
[EP-tech] Re: Password Encryption
- To: "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>
- Subject: [EP-tech] Re: Password Encryption
- From: Mark Gregson <mark.gregson@qut.edu.au>
- Date: Wed, 13 Mar 2013 09:38:27 +1000
Yes but cryptographically that is not the whole picture. It's using a random salt (for rainbow and dictionary attacks) and what looks like a variant of the 'expensive key schedule' used in EksBlowfish (for brute force attacks). I’m sure it could be characterised in greater detail but I’m not an expert on these matters! Mark Mark Gregson | Applications and Development Team Leader -----Original Message----- So if I understand correctly it encrypts the passwords using the SHA512 algorith, right? G. > Dimitrakakis Georgios wrote: >> Could someone point me to the right place in order to find the way in >> which user passwords are encrypted in the database using EPrints? > > look at EPrints::Utils::crypt() > https://github.com/eprints/eprints/blob/master/perl_lib/EPrints/Utils. > pm#L953 > > ciao > > -- > raffaele > *** Options: > http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech > *** Archive: http://www.eprints.org/tech.php/ > *** EPrints community wiki: http://wiki.eprints.org/ > ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech *** Archive: http://www.eprints.org/tech.php/ *** EPrints community wiki: http://wiki.eprints.org/ |
- Follow-Ups:
- [EP-tech] Re: Password Encryption
- From: Tim Brody <tdb2@ecs.soton.ac.uk>
- [EP-tech] Re: Password Encryption
- References:
- [EP-tech] Password Encryption
- From: "Dimitrakakis Georgios" <giorgis@lib.uoc.gr>
- [EP-tech] Re: Password Encryption
- From: raffaele messuti <raffaele.messuti@gmail.com>
- [EP-tech] Re: Password Encryption
- From: "Dimitrakakis Georgios" <giorgis@lib.uoc.gr>
- [EP-tech] Password Encryption
- Prev by Date: [EP-tech] Re: Fwd: Are Closed Access DepositsIndexed byGoogle Scholar?
- Next by Date: [EP-tech] Re: Fwd: Are ClosedAccess DepositsIndexed byGoogle Scholar?
- Previous by thread: [EP-tech] Re: Password Encryption
- Next by thread: [EP-tech] Re: {Disarmed} Re: Password Encryption
- Index(es):