Bug #39356

Converting MD5 Password Hashes to SaltedPasswords using Blowfish fails

Added by Steffen Ritter 10 months ago. Updated 9 months ago.

Status: Resolved
Start date: 2012-07-29
Priority: Must have
Due date:
Assignee: Steffen Ritter
% Done: 100%
Category: saltedpasswords/rsaauth
Target version: 4.5.18
TYPO3 Version: 4.5
Complexity: easy
PHP Version: 5.3
Votes: 2

Description

A Salt with BlowFish uses 60 chars.
When converting from MD5, an M is added upfront.
As the database field is only 60 chars long, login is not possible anymore - the salt is truncated.
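
An added example, not TYPO3 code: a Python audit that flags stored values whose converted hash (M or C prefix) was cut by the 60-character column, and shows that a 100-character column leaves them intact. The 60-character crypt Blowfish layout is standard; the function names, the row layout and the sample hash are assumptions constructed for illustration.

```python
import re

# Crypt-style Blowfish hash: "$2a$" (or a sibling variant), two-digit cost, "$",
# then 22 salt + 31 digest characters = 60 characters in total.
BCRYPT = re.compile(r"\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}")
# Same layout with 1..52 trailing characters, i.e. a hash that lost its tail.
BCRYPT_CUT = re.compile(r"\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{1,52}")
PREFIXES = ("M", "C")  # identifier chars named in the commit message


def varchar(value, width):
    """Simulate the column cutting a value to its width, as the report describes."""
    return value[:width]


def classify(stored):
    """Classify one stored password value (hypothetical helper)."""
    if BCRYPT.fullmatch(stored):
        return "ok"                  # plain 60-char hash
    if stored[:1] in PREFIXES:
        body = stored[1:]
        if BCRYPT.fullmatch(body):
            return "ok-converted"    # prefix + 60 chars = 61, intact
        if BCRYPT_CUT.fullmatch(body):
            return "truncated"       # prefix + shortened hash: login will fail
    return "other"


def audit(rows):
    """Return the uids whose converted hash was cut by the column."""
    return [uid for uid, stored in rows if classify(stored) == "truncated"]


# Constructed sample: syntactically valid layout, not a real hash.
SAMPLE = "$2a$07$" + "s" * 22 + "h" * 31
VALUES = [(1, SAMPLE), (2, "M" + SAMPLE), (3, "C" + SAMPLE)]
ROWS_60 = [(uid, varchar(v, 60)) for uid, v in VALUES]
ROWS_100 = [(uid, varchar(v, 100)) for uid, v in VALUES]

if __name__ == "__main__":
    print("varchar(60): ", audit(ROWS_60))
    print("varchar(100):", audit(ROWS_100))
```
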

Associated revisions

Revision 9fd1bab9
Added by Steffen Ritter 10 months ago

[!!!][BUGFIX] *_user table password field is too short

When using the hash-algorithm "blowfish" in saltedpasswords
the hash is 60 chars long - therefore the field length has
been set to 60 characters in SQL, too.
Actually when converting old MD5 passwords to salted
copies, an additional identifier char (M or C) is added to
the hash which results in a 61 character hash.

The result is that login is not possible anymore after
converting the passwords like suggested by the reports
module - the database field has to be increased.

To be safe and because varchar only takes as much space
as really needed increase the field length to 100 chars.

Change-Id: I70646fe7939d41f1a7056376a85c506d10148480
Fixes: #39356
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/13324
Reviewed-by: Oliver Klee
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Revision 32769fef
Added by Steffen Ritter 9 months ago

[!!!][BUGFIX] *_user table password field is too short

When using the hash-algorithm "blowfish" in saltedpasswords
the hash is 60 chars long - therefore the field length has
been set to 60 characters in SQL, too.
Actually when converting old MD5 passwords to salted
copies, an additional identifier char (M or C) is added to
the hash which results in a 61 character hash.

The result is that login is not possible anymore after
converting the passwords like suggested by the reports
module - the database field has to be increased.

To be safe and because varchar only takes as much space
as really needed increase the field length to 100 chars.

Change-Id: I70646fe7939d41f1a7056376a85c506d10148480
Fixes: #39356
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/13324
Reviewed-by: Oliver Klee
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Revision 6ff8f14c
Added by Steffen Ritter 9 months ago

[!!!][BUGFIX] *_user table password field is too short

When using the hash-algorithm "blowfish" in saltedpasswords
the hash is 60 chars long - therefore the field length has
been set to 60 characters in SQL, too.
Actually when converting old MD5 passwords to salted
copies, an additional identifier char (M or C) is added to
the hash which results in a 61 character hash.

The result is that login is not possible anymore after
converting the passwords like suggested by the reports
module - the database field has to be increased.

To be safe and because varchar only takes as much space
as really needed increase the field length to 100 chars.

Change-Id: I70646fe7939d41f1a7056376a85c506d10148480
Fixes: #39356
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/13324
Reviewed-by: Oliver Klee
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Revision 363a2a53
Added by Steffen Ritter 7 months ago

[!!!][BUGFIX] *_user table password field is too short

When using the hash-algorithm "blowfish" in saltedpasswords
the hash is 60 chars long - therefore the field length has
been set to 60 characters in SQL, too.
Actually when converting old MD5 passwords to salted
copies, an additional identifier char (M or C) is added to
the hash which results in a 61 character hash.

The result is that login is not possible anymore after
converting the passwords like suggested by the reports
module - the database field has to be increased.

To be safe and because varchar only takes as much space
as really needed increase the field length to 100 chars.

Note for Updating: You do not need to run DB compare
after updating. Everything will work fine without, as
well as after the DB compare. The BulkUpdater, which
needs this change because additionally checks this
and requests a DB compare.

Change-Id: I70646fe7939d41f1a7056376a85c506d10148480
Fixes: #39356
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/13331
Reviewed-by: Wouter Wolters
Reviewed-by: Oliver Klee
Reviewed-by: Mario Rimann
Reviewed-by: Stefan Neufeind
Reviewed-by: Marcus Schwemer
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Mattias Nilsson
Tested-by: Mattias Nilsson
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

History

Updated by Gerrit Code Review 10 months ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/13324

Updated by Gerrit Code Review 10 months ago

Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/13324

Updated by Gerrit Code Review 10 months ago

Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at http://review.typo3.org/13331

Updated by Steffen Ritter 10 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Updated by Gerrit Code Review 10 months ago

  • Status changed from Resolved to Under Review

Patch set 2 for branch TYPO3_4-7 has been pushed to the review server.
It is available at http://review.typo3.org/13331

Updated by Steffen Ritter 9 months ago

  • Status changed from Under Review to Resolved
