Branch: Tag:

2013-03-08

2013-03-08 16:51:31 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Passwords: Use stronger password hashes.

Use {crypt,verify}_password() instead of crypt() where possible.

Fallback to Nettle.crypt_md5() otherwise.

Fixes [bug 6358 (#6358)].

5:   #include <config.h>   #include <module.h>   #include <module_constants.h> - constant cvs_version="$Id: prototypes.pike,v 1.219 2008/08/15 12:33:53 mast Exp $"; + constant cvs_version="$Id$";      #ifdef DAV_DEBUG   #define DAV_WERROR(X...) werror(X)
3280:    //! implementation uses the crypted_password() method.    {    string c = crypted_password(); -  return !sizeof(c) || crypt(password, c); +  return !sizeof(c) || verify_password(password, c);    }       int uid();