[EP-tech] Re: Password Encryption
Mark Gregson
mark.gregson at qut.edu.au
Tue Mar 12 23:38:27 GMT 2013
Yes but cryptographically that is not the whole picture. It's using a random salt (for rainbow and dictionary attacks) and what looks like a variant of the 'expensive key schedule' used in EksBlowfish<http://en.wikipedia.org/wiki/Bcrypt> (for brute force attacks). I'm sure it could be characterised in greater detail but I'm not an expert on these matters!
Mark
Mark Gregson | Applications and Development Team Leader
Library eServices | Queensland University of Technology
Level 3 | R Block | Kelvin Grove Campus | GPO Box 2434 | Brisbane 4001
Phone: +61 7 3138 3782 | Web: http://eprints.qut.edu.au/<http://www.qut.edu.au/>
ABN: 83 791 724 622
CRICOS No: 00213J
-----Original Message-----
From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounces at ecs.soton.ac.uk] On Behalf Of Dimitrakakis Georgios
Sent: Wednesday, 13 March 2013 12:12 AM
To: eprints-tech at ecs.soton.ac.uk
Subject: [EP-tech] Re: Password Encryption
So if I understand correctly it encrypts the passwords using the
SHA512 algorith, right?
G.
> Dimitrakakis Georgios wrote:
>> Could someone point me to the right place in order to find the way in
>> which user passwords are encrypted in the database using EPrints?
>
> look at EPrints::Utils::crypt()
> https://github.com/eprints/eprints/blob/master/perl_lib/EPrints/Utils.
> pm#L953
>
> ciao
>
> --
> raffaele
> *** Options:
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: http://www.eprints.org/tech.php/
> *** EPrints community wiki: http://wiki.eprints.org/
>
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20130313/bb292355/attachment.html
More information about the Eprints-tech
mailing list