#12365: password generation must be more secured
---------------------------+---------------------------------------
Reporter: eanyx | Owner: nobody
Type: enhancement | Status: new
Priority: critical | Milestone: Unscheduled
Component: System | Version: R1/Development
Resolution: | Keywords: hash password /etc/shadow
Blocked By: | Blocking:
Has a Patch: 1 | Platform: All
---------------------------+---------------------------------------
Comment (by axeld):
Thanks for the patch! It looks good for the most part, though I have a few
comments/questions:
* `crypt.cpp` doesn't really follow our coding style yet.
* Why does libroot link against shared now?
* It looks like we should update AboutSystem to refer to the license.
* Doesn't this make logging in very slow? I would find 5 seconds
inconvenient enough to prefer to go with bcrypt instead.
* Is this already scrypt 1.2 from August 2015?
* The test looks fine; it's as integrated as the rest of it. Ideally, it
would be part of our unit test suite, though.
* Don't we already have a number of SHA 256 computation code in our tree
that could be reused (or replaced if slower)?
Thanks for working on this!
--
Ticket URL: <https://dev.haiku-os.org/ticket/12365#comment:7>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.