Message4282
Oops. Looks like we implemented the same thing in parallel.
I've just committed and was about to write the following:
Implemented auto-migration to more secure password scheme.
This uses the new config-option 'migrate_passwords' in section 'web'
which is on by default.
I'll look into your patch to see if we take something from it.
Also note that I've made migration the default... and put a note into
the "upgrading" document.
BTW: I'll probably look into the following two things:
- making the number of iterations configurable (by adding a parameter
to password generation which is given by all callers, I don't see
another option)
- add regression tests for the new scheme from rfc6070
anything you've already done in this direction (before we again work in
parallel :-)
Thanks a lot for taking the time to contribute these fixes ! |
|
Date |
User |
Action |
Args |
2011-04-14 18:19:25 | schlatterbeck | set | messageid: <1302805165.43.0.0198995290595.issue2550688@psf.upfronthosting.co.za> |
2011-04-14 18:19:25 | schlatterbeck | set | recipients:
+ schlatterbeck, richard, ber, joseph_myers, elic |
2011-04-14 18:19:25 | schlatterbeck | link | issue2550688 messages |
2011-04-14 18:19:25 | schlatterbeck | create | |
|