[PHPBB3-11610] Use a more secure hashing method like bcrypt

XML

Word

Printable

Details

Type: Improvement
Status: Unverified Fix (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.0-dev
Fix Version/s: 3.1.0-b1
Component/s: Authentication
Labels:
None

GitHub Pull Request URL:
https://github.com/phpbb/phpbb3/pull/1716

Description

phpBB has been using the phpass implementation of a salted md5 for password hashes since the beginnings of phpBB 3.0. With the minimum requirement of PHP 5.3.3 for phpBB 3.1 we can and should however move to more secure hashing methods like bcrypt.

RFC topic: http://area51.phpbb.com/phpBB/viewtopic.php?f=108&t=33231

Attachments

Activity

People

Assignee:: Nils Adermann

Reporter:: Marc

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 16/Jun/13 7:44 PM

Updated:: 19/Mar/14 8:26 PM

Resolved:: 15/Feb/14 1:50 AM