Re: wiki.debian.org password reset

To: Luca Filipozzi <lfilipoz@debian.org>
Cc: debian-www@lists.debian.org, debian-admin@debian.org
Subject: Re: wiki.debian.org password reset
From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
Date: Mon, 07 Jan 2013 15:01:03 +1100
Message-id: <[🔎] 50EA487F.6060006@affinityvision.com.au>
In-reply-to: <[🔎] 20130107024206.GB15004@emyr.net>
References: <50EA2B92.5060202@affinityvision.com.au> <20130107022820.GA15004@emyr.net> <[🔎] 20130107024206.GB15004@emyr.net>

Hi,

On 7/01/2013 1:42 PM, Luca Filipozzi wrote:
> On Mon, Jan 07, 2013 at 02:28:20AM +0000, Luca Filipozzi wrote:
>> On Mon, Jan 07, 2013 at 12:57:38PM +1100, Andrew McGlashan wrote:
>>> What I want to know is the following....
>>>
>>> Do you perform hardening practices such as described at this page:
>>>
>>>    http://crackstation.net/hashing-security.htm
> 
> Having looked at Google's cached version of that page...

;)

It worked last time I checked, but I too get the broken page now :(

> moin 1.9.x uses SSHA (salted SHA1):
> 
> http://moinmo.in/MoinMoin2.0/SecurePasswordStorage
> 
> It is understood that SHA1 is outdated.

Okay, but SHA1 with key stretching would be better in the short term.

> We've begun a discussion regarding using a newer hash algorithm and possibly a
> key stretching algorithm.
> 
>> Please consider adding debian-www@lists.debian.org and/or
>> debian-admin@debian.org to the thread if/when you reply.
> 
> I've done this.

Thank you, I've done a reply all now.

Cheers
A.

Reply to:

References:
- Re: wiki.debian.org password reset
  - From: Luca Filipozzi <lfilipoz@debian.org>

Prev by Date: Re: Project Participants page: name errors.
Next by Date: Re: wiki.debian.org password reset
Previous by thread: Re: wiki.debian.org password reset
Next by thread: Re: wiki.debian.org password reset
Index(es):
- Date
- Thread