Branch: Tag:

2013-03-08

2013-03-08 16:51:31 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Passwords: Use stronger password hashes.

Use {crypt,verify}_password() instead of crypt() where possible.

Fallback to Nettle.crypt_md5() otherwise.

Fixes [bug 6358 (#6358)].

1: - // $Id: module.pmod,v 1.108 2008/08/15 12:33:54 mast Exp $ + // $Id$      #include <module.h>   #include <roxen.h>
974:   // Password   // =====================================================================   class Password - //! Password variable (uses crypt) + //! Password variable (uses crypt_password)   {    inherit String;    int width = 20;
985:    mapping val;    if( sizeof( val = get_form_vars(id)) &&    val[""] && strlen(val[""]) ) { -  set( crypt( val[""] ) ); +  set( crypt_password( val[""] ) );    return 1;    }    return 0;