stackoom
  简体   繁体   中英

Encryption of users passwords in the TYPO3 database

 原文  2017-06-15 16:52:41       security/ typo3

Question

What is the most secure option to store passwords for TYPO3 frontend and backend users ? Which encryption algorithm is used ?

1 answers

solution1
 7 ACCPTED  2017-06-15 17:33:24

There is no encryption of passwords. The passwords are hashed, the mandatory extension "saltedpasswords" takes care of that and provides multiple salted hash algorithms.

The default hashing algorithm configured for both frontend users and backend users is PBKDF2 for new instances, which is the NIST recommended way to store passwords in a FIPS compliant way.

Other hash algorithms can be configured, for instance blowfish and phpass are available by default, too. Own hash algorithms can be added and used if needed.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Storing database passwords of users on a database. Is using the application user password as a salt for encryption a good approach? how to authenticate users without saving passwords in database Is SHA1(3DES-CBC) a good encryption for storing passwords in database? Encryption of hashed passwords? Encryption vs Hashing Passwords How users are verified when passwords are NOT stored as plain text in the database? AES encryption - storing passwords on Android Using asymmetric encryption to secure passwords PHP AES Encryption of passwords and hashes php users passwords protection
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM