As of right now the passwords for subsonic users are just hex encodings of the password string, which is easily reversible.
I submit a request that the passwords are stored as a md5 hash that cannot be easily de-encoded.
store passwords on disk as hash, not as simple hex encoding
Moderator: moderators
3 posts
• Page 1 of 1
store passwords on disk as hash, not as simple hex encoding
by achoo5000 » Thu Mar 31, 2011 9:12 pm
- achoo5000
- Posts: 29
- Joined: Wed Mar 30, 2011 10:47 pm
- Location: USA
bump for justice
by achoo5000 » Mon Aug 01, 2011 12:09 am
Now that sindre is reading the forums again I thought I'd bump this to the top.
After all these password hacks in the news I thought we would learn you should never store passwords as plaintext (which is what subsonic does essentially).
The syntax for this password encrypting library couldn't be easier.
PS I'm glad that the new beta runs as non-root for Ubuntu, keep up the good work!
After all these password hacks in the news I thought we would learn you should never store passwords as plaintext (which is what subsonic does essentially).
The syntax for this password encrypting library couldn't be easier.
PS I'm glad that the new beta runs as non-root for Ubuntu, keep up the good work!
- achoo5000
- Posts: 29
- Joined: Wed Mar 30, 2011 10:47 pm
- Location: USA
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 4 guests