Friday, February 8, 2008

“Hashes to hashes” :D

In connection with the new hashing algorithm in SVN, I had some problems upgrading my own personal blog, so I had an idea (not yet implemented, but it will be soon) which should avoid them.

The salt for the hash is now calculated using a combination of some constants, which are (IIRC :D) the blog URL and the absolute path on the server.

The major problem with this algorithm is that if you ever have to move from one server to another, you will have to re-create your user.

Moreover, yesterday I discovered that something can also vary in other situations; I’ll have to investigate.

So here’s the hack: the salt will be generated once and then stored in a file in your fp-content/config/ directory (hashsalt.conf.php).

The file won’t be world-readable, just as the other conf files aren’t (it’s PHP, so if you call it, it won’t be printed but executed, and the execution doesn’t generate any output), and it will contain the string which will be the salt used to encode passwords.

Moreover you’ll be able to edit this salt by hand for additional strength :)
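
A sketch of the generate-once-and-store idea described above, as an added example that is not FlatPress code. The function name `load_or_create_salt`, the variable `$fp_hashsalt` and the use of PHP 7's `random_bytes()` are assumptions; only the file name `hashsalt.conf.php` comes from the post.

```php
<?php
// Added illustration, not FlatPress code. Names other than hashsalt.conf.php are hypothetical.

function load_or_create_salt(string $configDir): string
{
    $file = rtrim($configDir, '/') . '/hashsalt.conf.php';

    if (is_file($file)) {
        // Including the file executes it. It only assigns a variable, so a
        // direct HTTP request for it would produce an empty response.
        $fp_hashsalt = null;
        include $file;
        if (is_string($fp_hashsalt) && $fp_hashsalt !== '') {
            return $fp_hashsalt;
        }
        throw new RuntimeException("Salt file defines no salt: $file");
    }

    // First run: take the salt from the OS CSPRNG instead of deriving it
    // from the blog URL or server path, so it survives a server move.
    $salt = bin2hex(random_bytes(32));
    $body = "<?php\n\$fp_hashsalt = " . var_export($salt, true) . ";\n";

    // Create the file owner-only from the start; mode 'x' refuses to
    // overwrite an existing file.
    $oldUmask = umask(0077);
    $fh = @fopen($file, 'x');
    umask($oldUmask);
    if ($fh === false) {
        throw new RuntimeException("Cannot create salt file: $file");
    }
    fwrite($fh, $body);
    fclose($fh);

    return $salt;
}

// Constructed demo: a temporary directory stands in for fp-content/config/.
$dir = sys_get_temp_dir() . '/fp-config-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$first  = load_or_create_salt($dir);   // generates and stores the salt
$second = load_or_create_salt($dir);   // reads the stored salt back
var_dump($first === $second);          // same salt on every later call
unlink($dir . '/hashsalt.conf.php');
rmdir($dir);
```

Because stored password hashes depend on this value, changing the file after users exist has the same effect as the server move described above: existing passwords stop verifying.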

Aside: on Monday I’ll be talking to one of my professors to see if FlatPress can be the subject of my thesis :)