[EP-tech] Re: {Disarmed} Re: Password Encryption

Dimitrakakis Georgios giorgis at lib.uoc.gr
Wed Mar 13 10:45:11 GMT 2013 

Thx for the clarification!

I was wondering how easy is for someone that has access to the EPrints  
database to decrypt the passwords. Apparently it's rather difficult :) !


Best,

G.

> Yes but cryptographically that is not the whole picture. It's using   
> a random salt (for rainbow and dictionary attacks) and what looks   
> like a variant of the 'expensive key schedule' used in   
> EksBlowfish<http://en.wikipedia.org/wiki/Bcrypt> (for brute force   
> attacks). I'm sure it could be characterised in greater detail but   
> I'm not an expert on these matters!
>
>
> Mark
>
> Mark Gregson | Applications and Development Team Leader
> Library eServices | Queensland University of Technology
> Level 3 | R Block | Kelvin Grove Campus | GPO Box 2434 | Brisbane 4001
> Phone: +61 7 3138 3782 | Web:   
> http://eprints.qut.edu.au/<http://www.qut.edu.au/>
> ABN: 83 791 724 622
> CRICOS No: 00213J
>
>
>
>
>
>
> -----Original Message-----
> From: eprints-tech-bounces at ecs.soton.ac.uk   
> [mailto:eprints-tech-bounces at ecs.soton.ac.uk] On Behalf Of   
> Dimitrakakis Georgios
> Sent: Wednesday, 13 March 2013 12:12 AM
> To: eprints-tech at ecs.soton.ac.uk
> Subject: [EP-tech] Re: Password Encryption
>
>
>
> So if I understand correctly it encrypts the passwords using the
>
> SHA512 algorith, right?
>
>
>
> G.
>
>
>
>> Dimitrakakis Georgios wrote:
>
>>> Could someone point me to the right place in order to find the way in
>
>>> which user passwords are encrypted in the database using EPrints?
>
>>
>
>> look at EPrints::Utils::crypt()
>
>> https://github.com/eprints/eprints/blob/master/perl_lib/EPrints/Utils.
>
>> pm#L953
>
>>
>
>> ciao
>
>>
>
>> --
>
>> raffaele
>
>> *** Options:
>
>> http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>
>> *** Archive: http://www.eprints.org/tech.php/
>
>> *** EPrints community wiki: http://wiki.eprints.org/
>
>>
>
>
>
> ----------------------------------------------------------------
>
> This message was sent using IMP, the Internet Messaging Program.
>
>
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>
> *** Archive: http://www.eprints.org/tech.php/
>
> *** EPrints community wiki: http://wiki.eprints.org/
>

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

More information about the Eprints-tech mailing list