store passwords on disk as hash, not as simple hex encoding


Post by achoo5000 » Thu Mar 31, 2011 9:12 pm

As of right now the passwords for Subsonic users are just hex encodings of the password string, which is easily reversible.

I submit a request that the passwords are stored as an MD5 hash that cannot be easily de-encoded.
achoo5000
 
Posts: 29
Joined: Wed Mar 30, 2011 10:47 pm
Location: USA

Post by achoo5000 » Wed Apr 27, 2011 6:46 am

Here is a Java library for doing correct password storing:

http://www.mindrot.org/projects/jBCrypt/

bump for justice

Post by achoo5000 » Mon Aug 01, 2011 12:09 am

Now that Sindre is reading the forums again I thought I'd bump this to the top.

After all these password hacks in the news, I thought we would learn you should never store passwords as plaintext (which is what Subsonic does, essentially).

The syntax for this password encrypting library couldn't be easier.

PS I'm glad that the new beta runs as non-root for Ubuntu, keep up the good work!
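An added example (not part of the original posts and not Subsonic's own code) contrasting the reversible hex encoding described in this thread with salted bcrypt hashing through the jBCrypt library linked above. The class name, helper names, sample password and cost factor of 12 are assumptions, and the jBCrypt jar must be on the classpath.

```java
import java.nio.charset.StandardCharsets;
import org.mindrot.jbcrypt.BCrypt; // jBCrypt jar must be on the classpath

public class PasswordStorageDemo {

    // Hex "storage": a plain encoding, so anyone who reads the file can undo it.
    static String hexEncode(String password) {
        StringBuilder sb = new StringBuilder();
        for (byte b : password.getBytes(StandardCharsets.UTF_8)) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    static String hexDecode(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return new String(out, StandardCharsets.UTF_8);
    }

    // bcrypt storage: salted, deliberately slow, one-way. The salt and cost
    // factor are embedded in the returned string, so a single field suffices.
    static String hashForStorage(String password) {
        return BCrypt.hashpw(password, BCrypt.gensalt(12)); // cost 12 is an assumed setting
    }

    // Login check: re-hashes the candidate with the salt stored inside storedHash.
    static boolean verify(String candidate, String storedHash) {
        return BCrypt.checkpw(candidate, storedHash);
    }

    public static void main(String[] args) {
        String password = "correct horse battery staple"; // constructed sample value

        String onDisk = hexEncode(password);
        System.out.println("hex on disk : " + onDisk);
        System.out.println("recovered   : " + hexDecode(onDisk)); // the original password

        String h1 = hashForStorage(password);
        String h2 = hashForStorage(password);
        System.out.println("bcrypt #1   : " + h1);
        System.out.println("same hash?  : " + h1.equals(h2)); // false: fresh salt per call
        System.out.println("login ok    : " + verify(password, h1));
        System.out.println("wrong pw    : " + verify("Password1", h1));
    }
}
```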

