[aur-dev] FS#17109: AUR passwords are not salted
linas_fi at ymail.com
Fri Jun 25 12:11:23 EDT 2010
Denis Kobozev wrote:
> Here's a patch with a script to salt passwords in the database. It
> assumes that there already a Salt field in the Users table. Hopefully
> it will integrated with Linas's patches.
> Linas, I think salted_hash() should not call md5() internally,
> otherwise it's not very useful to the script. You can take a look at
> the patch if I'm being ambiguous.
My idea was to simply replicate the salted_hash() code in the script when
Note that your patch is not incremental to mine, although it's another way
to perform a scripty change. The functions changed are the previous ones,
and I also took advantage of the opportunity of adding password salting for
updating the hash to sha512.
The query in addsalt() function should have a WHERE Salt IS NULL. That's
nicer than checking it in php.
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
More information about the aur-dev