> I think that despite the issues that arise if someone changed the encryption
> method, it's worth having the ability to choose how you want them encrypted.
> If you're integrating with another system it can be very helpful to use the
> same encryption method on your CMS as, for example, your phpBB forum.
That's a good point! But should we also use a salt? Otherwise the passwords are still very easily attackable with the help of rainbow tables.
I think we should add the option to use salts.
> That said, there should be a default option so that people who don't have
> a preference don't need to make an arbitrary decision.
OK
> It's going to be rare that someone wants to change the password encryption
> mid-stream, and if they do, it's acceptable that they have to mop the mess up
> themselves. We just need to document this clearly.
Sounds reasonable :-)
> Having a separate Password and PasswordEncrypted fields leads to an
> unclear situation when you have both fields populated - which do you use?
Maybe I didn't explain that enough.. I thought about a boolean: "Is the password encrypted?" -> bool PasswordEncrypted
> Another option is to have a PasswordEncryption enum field, which is
> none/password/md5/sha. This has the added benefit of dealing with
> changing encryption type mid-stream.
Hmm... but then the DB needs to know all available algorithms.. but anyway I think that's the best option.
So just to make sure I understand everything right and I'm going to implement the right things:
I will implement the following methods:
- encryptPasswords(bool)
- setPasswordEncryptionAlgorithm(string algo, bool use_salt)
(algo is one of the available algorithms determined by hash_algos())
The passwords will then be encrypted as follows:
$password = ($use_salt == true) ? hash($algorithm, $pwd . $salt) : hash($algorithm, $pwd);
where $salt is a randomly generated salt which is then stored in the Salt column in the member table (empty string or NULL if not used).
$algorithm will then also be stored in the member table in the column PasswordEncryption
I'll work on that after finishing the OpenID integration in the backend.
Please tell me if everything is OK in that way or if I should change some details.
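
The scheme proposed in the message above, sketched as an added example (not part of the original message and not the project's own code). It stores the algorithm and salt per member and shows how a login check can handle a changed algorithm mid-stream by re-hashing on the next successful login; the function names and the array standing in for a member-table row are hypothetical.

```php
<?php
// Added illustration. make_record(), check_password() and the array keys standing
// in for the member-table columns are hypothetical names. Requires PHP 7+.

function make_record(string $pwd, string $algo, bool $useSalt): array
{
    if (!in_array($algo, hash_algos(), true)) {
        throw new InvalidArgumentException("Unknown hash algorithm: $algo");
    }
    // A random salt per member makes precomputed (rainbow) tables useless.
    $salt = $useSalt ? bin2hex(random_bytes(16)) : '';
    return [
        'Password'           => hash($algo, $pwd . $salt),
        'Salt'               => $salt,
        'PasswordEncryption' => $algo,
    ];
}

// Verify against the algorithm and salt the row was stored with. If they differ
// from the current site setting, also return an upgraded row for the caller to save.
function check_password(array $row, string $pwd, string $siteAlgo, bool $siteSalt): array
{
    $salt = (string)($row['Salt'] ?? '');          // column may be NULL
    $algo = $row['PasswordEncryption'];
    // 'none' marks a row that still holds the plain password.
    $candidate = ($algo === 'none') ? $pwd : hash($algo, $pwd . $salt);
    $ok = hash_equals($row['Password'], $candidate); // constant-time comparison

    $stale = $algo !== $siteAlgo || ($salt !== '') !== $siteSalt;
    $upgraded = ($ok && $stale) ? make_record($pwd, $siteAlgo, $siteSalt) : null;
    return ['ok' => $ok, 'upgraded' => $upgraded];
}

// Constructed sample: a member stored as unsalted md5 before the setting changed
// to salted sha256.
$old = make_record('correct horse', 'md5', false);

$good = check_password($old, 'correct horse', 'sha256', true);
var_dump($good['ok']);
echo $good['upgraded']['PasswordEncryption'], ' salt length ',
     strlen($good['upgraded']['Salt']), "\n";

// A wrong password must neither succeed nor trigger a re-hash.
$bad = check_password($old, 'guess', 'sha256', true);
var_dump($bad['ok'], $bad['upgraded']);
```

A single round of a general-purpose hash is fast to brute-force even when salted; PHP's password_hash() and password_verify() use a deliberately slow algorithm and embed the salt and algorithm in the stored string.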