EPrints Technical Mailing List Archive
Message: #01717
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
[EP-tech] Re: {Disarmed} Re: Password Encryption
- To: eprints-tech@ecs.soton.ac.uk
- Subject: [EP-tech] Re: {Disarmed} Re: Password Encryption
- From: "Dimitrakakis Georgios" <giorgis@lib.uoc.gr>
- Date: Wed, 13 Mar 2013 12:45:11 +0200
Thx for the clarification!I was wondering how easy is for someone that has access to the EPrints database to decrypt the passwords. Apparently it's rather difficult :) !
Best, G.
Yes but cryptographically that is not the whole picture. It's using a random salt (for rainbow and dictionary attacks) and what looks like a variant of the 'expensive key schedule' used in EksBlowfish<http://en.wikipedia.org/wiki/Bcrypt> (for brute force attacks). I'm sure it could be characterised in greater detail but I'm not an expert on these matters!Mark Mark Gregson | Applications and Development Team Leader Library eServices | Queensland University of Technology Level 3 | R Block | Kelvin Grove Campus | GPO Box 2434 | Brisbane 4001Phone: +61 7 3138 3782 | Web: http://eprints.qut.edu.au/<http://www.qut.edu.au/>ABN: 83 791 724 622 CRICOS No: 00213J -----Original Message-----From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Dimitrakakis GeorgiosSent: Wednesday, 13 March 2013 12:12 AM To: eprints-tech@ecs.soton.ac.uk Subject: [EP-tech] Re: Password Encryption So if I understand correctly it encrypts the passwords using the SHA512 algorith, right? G.Dimitrakakis Georgios wrote:Could someone point me to the right place in order to find the way inwhich user passwords are encrypted in the database using EPrints?look at EPrints::Utils::crypt()https://github.com/eprints/eprints/blob/master/perl_lib/EPrints/Utils.pm#L953ciao--raffaele*** Options:http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech*** Archive: http://www.eprints.org/tech.php/*** EPrints community wiki: http://wiki.eprints.org/---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech *** Archive: http://www.eprints.org/tech.php/ *** EPrints community wiki: http://wiki.eprints.org/
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
- References:
- [EP-tech] Password Encryption
- From: "Dimitrakakis Georgios" <giorgis@lib.uoc.gr>
- [EP-tech] Re: Password Encryption
- From: raffaele messuti <raffaele.messuti@gmail.com>
- [EP-tech] Re: Password Encryption
- From: "Dimitrakakis Georgios" <giorgis@lib.uoc.gr>
- [EP-tech] Re: Password Encryption
- From: Mark Gregson <mark.gregson@qut.edu.au>
- [EP-tech] Password Encryption
- Prev by Date: [EP-tech] Re: Browse by Division
- Next by Date: [EP-tech] Re: How to disable password auto-complete in Login Form
- Previous by thread: [EP-tech] Re: Password Encryption
- Next by thread: [EP-tech] Re: Password Encryption
- Index(es):