On Mon, Jan 07, 2013 at 02:28:20AM +0000, Luca Filipozzi wrote:
> On Mon, Jan 07, 2013 at 12:57:38PM +1100, Andrew McGlashan wrote:
> > What I want to know is the following....
> >
> > Do you perform hardening practices such as described at this page:
> >
> > http://crackstation.net/hashing-security.htm
>
> lucaf@portabofh:~$ curl http://crackstation.net/hashing-security.htm
> Count not connect to PHPCount MySQL server!
> lucaf@portabofh:~$

Having looked at Google's cached version of that page...

> > - if so, then we should be safe, if not, WHY NOT?
>
> That site is broken (see above).

moin 1.9.x uses SSHA (salted SHA1):
http://moinmo.in/MoinMoin2.0/SecurePasswordStorage

It is understood that SHA1 is outdated. We've begun a discussion regarding
using a newer hash algorithm and possibly a key stretching algorithm.

> Please consider adding debian-www@lists.debian.org and/or
> debian-ad...@debian.org to the thread if/when you reply.

I've done this.

Cheers,

Luca

--
Luca Filipozzi
Member, Debian System Administration Team
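
Added example, not part of the original message and not MoinMoin's code: how a site storing SSHA records could move to a key-stretched hash by re-hashing each password at the next successful login. It assumes the common LDAP-style SSHA layout, base64(SHA1(password + salt) + salt); the {PBKDF2-SHA256} record layout, the iteration count and all function names are hypothetical.

```python
import base64, hashlib, hmac, os

ITERATIONS = 200_000  # assumed work factor, not a value from the thread

def make_ssha(password: str, salt: bytes) -> str:
    # Legacy scheme: one SHA-1 pass over password + salt, salt appended.
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(password: str, stored: str) -> bool:
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def make_stretched(password: str, iterations: int = ITERATIONS) -> str:
    # Hypothetical record layout: {PBKDF2-SHA256}iterations$salt$key
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    enc = lambda b: base64.b64encode(b).decode()
    return "{PBKDF2-SHA256}%d$%s$%s" % (iterations, enc(salt), enc(key))

def verify_stretched(password: str, stored: str) -> bool:
    count, salt, key = stored[len("{PBKDF2-SHA256}"):].split("$")
    salt, key = base64.b64decode(salt), base64.b64decode(key)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(count))
    return hmac.compare_digest(candidate, key)

def check_and_upgrade(password: str, stored: str):
    """Return (ok, record); record is re-hashed when a legacy hash verified."""
    if stored.startswith("{PBKDF2-SHA256}"):
        return verify_stretched(password, stored), stored
    if stored.startswith("{SSHA}") and verify_ssha(password, stored):
        # Only a successful login reveals the plaintext needed to re-hash.
        return True, make_stretched(password)
    return False, stored

if __name__ == "__main__":
    legacy = make_ssha("correct horse", b"constructed-salt")  # constructed sample
    ok, record = check_and_upgrade("correct horse", legacy)
    print(ok, record.split("$")[0])
```

Accounts that never log in again keep their SSHA record, so a migration like this still needs a cutoff after which remaining legacy hashes are invalidated.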