Use bcrypt to hash passwords
commit 29a48708bb7c3e00e80275a6b898f557f63dff69
author Lukas Fleischer <lfleischer@archlinux.org>
Fri, 24 Feb 2017 18:52:28 +0000 (24 19:52 +0100)
committer Lukas Fleischer <lfleischer@archlinux.org>
Fri, 24 Feb 2017 21:04:49 +0000 (24 22:04 +0100)
tree c1b4f3ec1e5caffaacb796916e5bdb89b5cb19ff
parent 31754909b1ebbc2a50f1faecbb0cf5058953b840
Use bcrypt to hash passwords

Replace the default hash function used for storing passwords by
password_hash() which internally uses bcrypt. Legacy MD5 hashes are
still supported and are immediately converted to the new format when a
user logs in.

Since big parts of the authentication system needed to be rewritten in
this context, this patch also includes some simplification and
refactoring of all code related to password checking and resetting.

Fixes FS#52297.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
schema/aur-schema.sql
upgrading/4.5.0.txt
web/html/passreset.php
web/lib/acctfuncs.inc.php
web/lib/aur.inc.php
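
The login-time conversion described in the commit message, sketched as an added PHP example that is not the code from this commit: `verify_and_upgrade()`, its parameters and the sample values are hypothetical. The legacy format is assumed to be a 32-character hex MD5 of salt plus password, which the page does not spell out.

```php
<?php
// Added illustration; names and the legacy layout are assumptions, not aurweb's code.

/**
 * Check a login attempt against the stored hash. If the stored hash is a
 * legacy MD5 digest (or bcrypt with outdated parameters), also return a
 * fresh bcrypt hash for the caller to write back to the user record.
 *
 * @return array [bool $ok, string|null $replacementHash]
 */
function verify_and_upgrade(string $password, string $stored, string $legacySalt = ''): array
{
    // Assumption: legacy rows are exactly 32 hex characters; bcrypt hashes
    // produced by password_hash() start with "$2y$" and never match this.
    $isLegacy = preg_match('/^[0-9a-f]{32}$/i', $stored) === 1;

    if ($isLegacy) {
        // hash_equals() compares in constant time.
        $ok = hash_equals(strtolower($stored), md5($legacySalt . $password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return [false, null];
    }

    // The plaintext is only available during a successful login, so this is
    // the one point where a legacy hash can be converted.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_BCRYPT)) {
        return [true, password_hash($password, PASSWORD_BCRYPT)];
    }
    return [true, null];
}

// Constructed sample data: one legacy record, salt "s4lt".
$legacy = md5('s4lt' . 'correct horse');

[$ok, $upgraded] = verify_and_upgrade('correct horse', $legacy, 's4lt');
var_dump($ok, is_string($upgraded) && password_verify('correct horse', $upgraded));

// A wrong password must not trigger a conversion.
[$ok, $none] = verify_and_upgrade('wrong guess', $legacy, 's4lt');
var_dump($ok, $none);

// Logging in again with the converted hash needs no further rewrite.
[$ok, $again] = verify_and_upgrade('correct horse', $upgraded);
var_dump($ok, $again);
```

Accounts that never log in again keep their legacy hash, so a migration of this kind leaves MD5 digests in the table until those users return or their passwords are reset.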