EPrints Technical Mailing List Archive
Message: #01720
[EP-tech] Re: Password Encryption
- To: eprints-tech@ecs.soton.ac.uk
- Subject: [EP-tech] Re: Password Encryption
- From: Tim Brody <tdb2@ecs.soton.ac.uk>
- Date: Wed, 13 Mar 2013 17:21:14 +0000
EPrints internal authentication uses two methods. Older accounts will use a Unix salted 'crypt', which is limited to 8 characters. New accounts use a repeated SHA-with-salt.

You can see which method is being used by inspecting the 'password' column in the 'user' table. See EPrints::Const 'CRYPT' constants for what the numerical method value means.

If you want to authenticate against the EPrints database, take a look at EPrints::Utils::crypt_equals.

/Tim.

On Wed, 2013-03-13 at 09:38 +1000, Mark Gregson wrote:
> Yes but cryptographically that is not the whole picture. It's using a
> random salt (for rainbow and dictionary attacks) and what looks like a
> variant of the 'expensive key schedule' used in EksBlowfish (for brute
> force attacks). I’m sure it could be characterised in greater detail
> but I’m not an expert on these matters!
>
> Mark
>
> Mark Gregson | Applications and Development Team Leader
> Library eServices | Queensland University of Technology
> Level 3 | R Block | Kelvin Grove Campus | GPO Box 2434 | Brisbane 4001
> Phone: +61 7 3138 3782 | Web: http://eprints.qut.edu.au/
> ABN: 83 791 724 622
> CRICOS No: 00213J
>
> -----Original Message-----
> From: eprints-tech-bounces@ecs.soton.ac.uk
> [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of
> Dimitrakakis Georgios
> Sent: Wednesday, 13 March 2013 12:12 AM
> To: eprints-tech@ecs.soton.ac.uk
> Subject: [EP-tech] Re: Password Encryption
>
> So if I understand correctly it encrypts the passwords using the
> SHA512 algorithm, right?
>
> G.
>
> > Dimitrakakis Georgios wrote:
> >> Could someone point me to the right place in order to find the way in
> >> which user passwords are encrypted in the database using EPrints?
> >
> > look at EPrints::Utils::crypt()
> > https://github.com/eprints/eprints/blob/master/perl_lib/EPrints/Utils.pm#L953
> >
> > ciao
> >
> > --
> > raffaele
> > *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> > *** Archive: http://www.eprints.org/tech.php/
> > *** EPrints community wiki: http://wiki.eprints.org/
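
A sketch of the "repeated SHA-with-salt" scheme and the method-tagged password column described in the message above, as an added example that is not part of the original thread and is not EPrints code. The record layout, the method tag and the round count are assumptions chosen for illustration; the real values are in EPrints::Const and EPrints::Utils.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumptions for this sketch (not EPrints values): the record layout
# "method$rounds$salt_hex$digest_hex", the method tag, and the round count.
METHOD_SHA512_ITER = "sha512-iter"  # hypothetical method tag
DEFAULT_ROUNDS = 10_000             # assumed work factor


def _stretch(password: str, salt: bytes, rounds: int) -> bytes:
    """Repeated salted SHA-512: feed each digest back in with the salt."""
    digest = password.encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha512(salt + digest).digest()
    return digest


def hash_password(password: str, rounds: int = DEFAULT_ROUNDS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record carrying method, cost and salt."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    digest = _stretch(password, salt, rounds)
    return "$".join([METHOD_SHA512_ITER, str(rounds), salt.hex(), digest.hex()])


def verify_password(password: str, record: str) -> bool:
    """Dispatch on the stored method tag; reject unknown or malformed records."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != METHOD_SHA512_ITER:
        return False
    try:
        rounds = int(parts[1])
        salt = bytes.fromhex(parts[2])
        expected = bytes.fromhex(parts[3])
    except ValueError:
        return False
    if not 1 <= rounds <= 1_000_000:  # bound the cost read from storage
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_stretch(password, salt, rounds), expected)
```

Because the salt is random per record, two accounts with the same password store different digests, which is what defeats precomputed tables; the round count only raises the cost of each guess.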