Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Weak password because of poor encryption of crypt function #65

Open
sse450 opened this issue May 6, 2024 · 0 comments
Open

Weak password because of poor encryption of crypt function #65

sse450 opened this issue May 6, 2024 · 0 comments
Assignees
@Tekki

Comments

@sse450
Copy link

sse450 commented May 6, 2024

Tekki wrote: "By the way, the idea of using long passwords doesn't improve the security as long as we don't change the password encryption. The crypt function only considers the first 8 characters of the password and discards the rest. This means from character 9 onward you can type whatever you want. We should change this as soon as possible."

Thank you pointing at this issue. I think it is better to keep it as an open issue here. This is important especially for the SL instances open to the internet.

We would appreciate if you change password hashing to a stronger one whenever you have time.
@sse450 sse450 changed the title Weak password because of poor crypt hashing Weak password because of poor encryption of crypt function May 6, 2024
@Tekki Tekki self-assigned this May 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Tekki Tekki

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Tekki @sse450