This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests are now tracked at the issue tracker at Github.

Closed
Implemented

FS#2794 Replace simple MD5 hashing security with HMAC based one

Security

2013-05-30 andi

According to the discussion at https://github.com/splitbrain/dokuwiki/commit/0f4e009215bfa3136d334fa557335266637a7585#commitcomment-3319743 we should replace hashes used as secret checksum security mechanism with a HMAC implementation.
2013-05-30 andi

PurePHP version of HMAC http://www.php.net/manual/en/function.hash-hmac.php#93440
2013-05-30 andi

http://benlog.com/articles/2008/06/19/dont-hash-secrets/ reitereates the point that, md5 and sha1 hashing are not good enough for signature building.
2013-05-30 andi

https://github.com/splitbrain/dokuwiki/pull/226 added
2013-05-31 glen

that dont-hash-secrets points to using HMAC is good, so we are on right track! :)
2013-06-07 andi

007becf8