Skepticats Tracker
LnBlog
previous_open_issue.png
Go to the previous open issue
previous_issue.png
Go to the previous issue (open or closed)
star_faded.png
Please log in to bookmark issues
bug_report_small.png
icon_project.png LnBlog / Closed Bug report #94 Use modern password hashing
next_issue.png
Go to the next issue (open or closed)
next_open_issue.png
Go to the next open issue
icon_info.png This issue has been closed with status "Fixed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Bug report
  • Category
    Security
  • Targetted for
    Not determined
  • Status
    Fixed
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    Not estimated
  • Time spent
    No time spent
    Click here to see time logged against this issue
Issue details
  • Resolution
    RESOLVED
  • Reproducability
    Not determined
  • Severity
    Not determined
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Description

The current password hashing scheme is a decade-old home-grown thing that uses MD5. Switch this to use the password_hash() and password_verify() functions that are standard in PHP 5.5 and up.

Steps to reproduce this issue
Nothing entered.
#1
 pageer (pageer)
May 11, 2019
Updated password file format and authentication code to use `password_hash()` and `password_verify()`. Passwords will be converted on login.
Changes:
  • The issue was closed
  • Status changed: New => Fixed by pageer (pageer)
  • Percent complete changed: 0 => 100
  • Resolution changed: Not determined => RESOLVED