WebAppSec/Secure Coding Guidelines: Difference between revisions

Line 100: Line 100:
  Migration Hash = sha512(perUserSalt + md5(user supplied password))
  Migration Hash = sha512(perUserSalt + md5(user supplied password))
2. If authentication via migration hash is successful:
2. If authentication via migration hash is successful:
- Use the user's provided password and calculate the New Hash per the algorithm defined above.
- Use the user's provided password and calculate the New Hash per the algorithm defined above.
- Overwrite the Migration Hash with the New Hash
- Overwrite the Migration Hash with the New Hash
3. If authentication via migration hash is NOT successful:  
3. If authentication via migration hash is NOT successful:  
- The user may already be on the New Hash. Attempt to directly authenticate using the new hash. If this fails, then the password provided by the user is wrong.
- The user may already be on the New Hash. Attempt to directly authenticate using the new hash. If this fails, then the password provided by the user is wrong.
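Review bot: step 3 uses a failed migration-hash check as the only signal that an account is already on the New Hash, so every login by a migrated user, and every wrong password, costs two hash computations, and step 2 records nowhere that the overwrite took place. Consider storing a per-user scheme marker next to the hash and setting it in the same write as "Overwrite the Migration Hash with the New Hash", so authentication selects one algorithm up front and the md5-based path can be removed once no record carries the old marker.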

