PasswordField not storing salt
Record PasswordField doesn't store and load hashed values properly. It hashes new passwords with randomly generated salt without storing the salt, and re-hashes the database value with a new salt when loading it. There is no mechanism to actually match against the original password.
A test case is provided at https://gist.github.com/872498 .
I apologize for creating the ticket before discussing it further. The two relevant threads are:
on 2011-04-28 10:13 *
By notnoop
Assigned to set to David Whittaker
Status changed from Invalid to New
on 2011-12-01 10:43 *
By Ján Raška
Assigned to changed from David Whittaker to Ján Raška
Status changed from New to Accepted
(In revision:8f1698a844217563b232c01d7b87db2180f7e075) fix of broken PasswordField using BCrypt-based password encryption (closes #937)
Branch: master
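The failure mode reported in this ticket, reproduced as an added example (not Lift's code and not the committed fix): a field that discards its salt and re-hashes on load, next to one that stores the salt with the digest and loads the value verbatim. PBKDF2 from the Python standard library stands in for the BCrypt used in the fix; the class names, the `salt$digest` storage format and the iteration count are assumptions of this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def _kdf(password: str, salt: bytes) -> str:
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return raw.hex()


class BrokenField:
    """Behaviour described in the ticket: the salt is never persisted."""

    def set(self, password: str) -> None:
        self.stored = _kdf(password, os.urandom(16))  # salt discarded here

    def load(self, db_value: str) -> None:
        # The already hashed database value is hashed again under a new salt.
        self.stored = _kdf(db_value, os.urandom(16))

    def matches(self, candidate: str) -> bool:
        # The original salt is gone, so only a fresh one can be used.
        return hmac.compare_digest(self.stored, _kdf(candidate, os.urandom(16)))


class FixedField:
    """Salt travels with the digest; loading never re-hashes."""

    def set(self, password: str) -> None:
        salt = os.urandom(16)
        self.stored = salt.hex() + "$" + _kdf(password, salt)

    def load(self, db_value: str) -> None:
        self.stored = db_value  # stored value is used verbatim

    def matches(self, candidate: str) -> bool:
        salt_hex, digest = self.stored.split("$")
        return hmac.compare_digest(digest, _kdf(candidate, bytes.fromhex(salt_hex)))


def round_trip(field_cls, password: str, candidate: str) -> bool:
    """Set a password, persist the stored value, load it, then verify."""
    writer = field_cls()
    writer.set(password)
    db_value = writer.stored          # what would be written to the database
    reader = field_cls()
    reader.load(db_value)
    return reader.matches(candidate)
```

With the broken field even the correct password fails after a save and load, which is the symptom the ticket's test case reports.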