I agree that plain md5 hashes are not state-of-the-art anymore (..well, for quite a while). If we update our storage, however, we should guarantee backwards-compatibility.

If anyone wants to dive into this.. Code patches are welcome.. ;)
___________________________
On Fri, Mar 16, 2012 at 8:59 PM, Charles Duffy <charles@dyfis.net> wrote:
Howdy --
I'm a bit concerned about storing password hashes unsalted -- compared to a salted hash, this makes a stolen database easier to retrieve user passwords from, dangerous if users use their passwords for other purposes as well.
Would salting (and perhaps stretching) the hashes be considered a reasonable feature to support in the future?
_______________________________________________
BaseX-Talk mailing list
BaseX-Talk@mailman.uni-konstanz.de
https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
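
The backwards-compatible move from unsalted MD5 to salted, stretched hashes raised in this thread, as an added example that is not part of either message and is not BaseX code: legacy records still verify and are replaced by a PBKDF2 record on the next successful login. The record format, the iteration count and all function names are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to the deployment's hardware
PREFIX = "pbkdf2-sha256$"  # assumed scheme tag, distinguishes new records from bare MD5


def legacy_md5(password: str) -> str:
    """Unsalted MD5 hex digest: the legacy format the thread discusses."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes | None = None,
                  iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2-sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = os.urandom(16) if salt is None else salt  # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{PREFIX}{iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, stored: str) -> tuple[bool, str]:
    """Check a password and return (ok, record to keep in storage).

    A legacy record that verifies is swapped for a salted, stretched one,
    so an old database keeps working and upgrades as users log in.
    """
    if stored.startswith(PREFIX):
        _, iterations, salt_hex, _ = stored.split("$")
        candidate = hash_password(password, bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, stored), stored
    # No scheme tag: treat the record as a bare 32-character MD5 hex digest.
    if hmac.compare_digest(legacy_md5(password), stored.lower()):
        return True, hash_password(password)
    return False, stored


if __name__ == "__main__":
    db = {"alice": legacy_md5("correct horse")}  # constructed sample record
    ok, db["alice"] = verify("correct horse", db["alice"])
    print(ok, db["alice"].split("$")[0])
```

Accounts that never log in again keep their unsalted MD5 record, so a migration of this kind leaves those entries exposed until they are reset or expired.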