Yes but cryptographically that is not the whole picture. It's using a random salt (for rainbow and dictionary attacks) and what looks like a variant of the 'expensive key schedule' used in EksBlowfish (for brute force attacks). I’m sure it could be characterised in greater detail but I’m not an expert on these matters!

Mark

Mark Gregson | Applications and Development Team Leader
Library eServices | Queensland University of Technology
Level 3 | R Block | Kelvin Grove Campus | GPO Box 2434 | Brisbane 4001
Phone: +61 7 3138 3782 | Web: http://eprints.qut.edu.au/
ABN: 83 791 724 622
CRICOS No: 00213J

-----Original Message-----
From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Dimitrakakis Georgios
Sent: Wednesday, 13 March 2013 12:12 AM
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] Re: Password Encryption

So if I understand correctly it encrypts the passwords using the

SHA512 algorith, right?

G.

> Dimitrakakis Georgios wrote:

>> Could someone point me to the right place in order to find the way in

>> which user passwords are encrypted in the database using EPrints?

> 

> look at EPrints::Utils::crypt()

> https://github.com/eprints/eprints/blob/master/perl_lib/EPrints/Utils.

> pm#L953

> 

> ciao

> 

> --

> raffaele

> *** Options:

> http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech

> *** Archive: http://www.eprints.org/tech.php/

> *** EPrints community wiki: http://wiki.eprints.org/

> 

----------------------------------------------------------------

This message was sent using IMP, the Internet Messaging Program.

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech

*** Archive: http://www.eprints.org/tech.php/

*** EPrints community wiki: http://wiki.eprints.org/