Re: [squid-users] squid_db_auth to support md5 encrypted passwords patch

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Tue, 13 Jul 2010 22:06:50 +0200

tor 2010-07-08 klockan 12:35 +0300 skrev Milen Pankov:

> Recently I needed to use squid_db_auth against mysql database with md5
> encrypted passwords.

Hmm.. Unsalted MD5 password hashing is not very good as it's subject to
precomputed dictionary attacks and also immediately reveals when two or
more users have set the same password. (both in cases where the attacker
has access to the read the password database, which happens from time to
time..)

> I read a recent discussion on this list (Joomla DB authentication
> support hits Squid!:)) that was regarding integration with joomla
> database, but this wasn't working for me.

Are you also using Joomla password database?

Regards
Henrik
Received on Tue Jul 13 2010 - 20:06:55 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 14 2010 - 12:00:03 MDT