TWiki Password Encryption

Jeremy Huntwork jhuntwork at linuxfromscratch.org
Mon Jul 19 06:18:33 PDT 2004


Hi,

The TWiki code contains built-in methods for using SHA1 digest
passwords, but the default is to do so only if the server running TWiki
is Windows. Currently the passwords are only encrypted using the crypt()
method.  Seeing that Apache .htpasswd files also support SHA1, it
shouldn't be too difficult to adjust the TWiki code to use that by
default and raise the bar of security a bit.

Any thoughts?

-- 
Jeremy Huntwork
http://www.jenacon.net




More information about the website mailing list