View Issue Details

ID: 0022839
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2017-12-04 02:25
Reporter: dregad
Assigned To: dregad
Priority: high
Severity: major
Reproducibility: N/A
Status: assigned
Resolution: open
Product Version:
Target Version: 2.10.0
Fixed in Version:
Summary: 0022839: Deprecate MD5 login method and replace with BCRYPT hash
Description

For many years, Mantis has been using MD5 as the default and "best" hashing algorithm to store users' passwords in the database.

Since 2.x requires PHP 5.5.9, we can now use the password_hash() function, which relies on the modern and safe BCRYPT hashing algorithm for better security.

Additional Information

This basically makes several old issues in the tracker that aimed at replacing MD5 by SHA1/SHA256 obsolete, including 0010172, 0011250 and possibly others as well.
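
The migration proposed in this issue is commonly done by upgrading each account at its next successful login. The following is an added example, not MantisBT code and not part of the original report: the function name `verify_and_upgrade`, the in-memory `$users` array and the bcrypt cost of 12 are assumptions, and `hash_equals()` requires PHP 5.6 or later.

```php
<?php
// Added example: hypothetical names, not taken from the MantisBT code base.

/**
 * Check $password against $stored, which is either a legacy unsalted MD5
 * hex digest or a string produced by password_hash().
 * Returns array(bool $ok, string|null $newHash); a non-null $newHash means
 * the caller should overwrite the stored value with it.
 */
function verify_and_upgrade($password, $stored)
{
    // A legacy MD5 digest is exactly 32 hex characters; bcrypt strings
    // start with "$2y$" and are 60 characters long, so they never match.
    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);

    if ($isLegacyMd5) {
        // Constant-time comparison of the legacy digest.
        $ok = hash_equals(strtolower($stored), md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return array(false, null);
    }

    // Upgrade legacy rows, and bcrypt rows hashed with a lower cost.
    $options = array('cost' => 12); // assumed work factor
    if ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_BCRYPT, $options)) {
        return array(true, password_hash($password, PASSWORD_BCRYPT, $options));
    }
    return array(true, null);
}

// Constructed sample data: one account still stored as MD5.
$users = array('alice' => md5('correct horse'));

list($ok, $newHash) = verify_and_upgrade('correct horse', $users['alice']);
if ($ok && $newHash !== null) {
    $users['alice'] = $newHash; // persist bcrypt in place of the MD5 digest
}
var_dump($ok, strlen($users['alice']));

// Second login: the bcrypt hash verifies and needs no further rehash.
list($ok2, $newHash2) = verify_and_upgrade('correct horse', $users['alice']);
var_dump($ok2, $newHash2);

// Wrong password is rejected and never triggers an upgrade.
list($ok3, $newHash3) = verify_and_upgrade('wrong', $users['alice']);
var_dump($ok3, $newHash3);
```

Accounts that never log in again keep their MD5 digest under this scheme, so a deployment still needs a policy for them, such as a forced reset. bcrypt as exposed by `PASSWORD_BCRYPT` also truncates input at 72 bytes.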

Tags: No tags attached.

Relationships

related to 0010172 closed dregad Passwords in SHA256 using a static salt
related to 0011250 closed dregad Allow SHA1 passwords

Activities

Issue History

Date Modified Username Field Change
2017-05-06 17:25 dregad New Issue
2017-05-06 17:26 dregad Relationship added related to 0010172
2017-05-06 17:26 dregad Relationship added related to 0011250
2017-05-06 17:34 dregad Assigned To => dregad
2017-05-06 17:34 dregad Status new => assigned
2017-05-06 17:34 dregad Target Version => 2.5.0
2017-05-06 17:34 dregad Note Added: 0056785
2017-05-06 17:35 dregad Description Updated
2017-06-04 16:19 atrol Target Version 2.5.0 => 2.6.0
2017-09-03 18:49 vboctor Target Version 2.6.0 => 2.7.0
2017-10-08 23:55 vboctor Target Version 2.7.0 => 2.8.0
2017-10-28 19:14 vboctor Target Version 2.8.0 => 2.9.0
2017-12-04 02:25 vboctor Target Version 2.9.0 => 2.10.0