[pmwiki-devel] crypt problem on WAMP
Petko Yotov
5ko at 5ko.fr
Fri Jun 4 16:10:07 CDT 2010
On Friday 04 June 2010 17:38:28, Dominique Faure wrote :
> >> I am open to ideas on how PmWiki should deal with this, while
> >> maintaining backward compatibility with existing wiki pages and already
> >> encrypted existing passwords.
> >
> > At least, a warning in the auth form ?
Good idea.
> BTW, since PmWiki only deals with hashed content, why not
> systematically adding some constant padding chars to passwords before
> hashing them?
Because this will break all current passwords, even those that work on
sometning different than "less than 4 characters on PHP5.3/Win".
Md5() seems to work fine so in the past I was thinking that we could have our
function (_crypt?) test for the bug, and if crypt() appears to be broken,
automatically use the md5 hash (even if it is less secure). I never had the
time to work on this.
Petko
More information about the pmwiki-devel
mailing list