This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests are now tracked at the
issue tracker at Github
.
Closed
Implemented
FS#2794 Replace simple MD5 hashing security with HMAC based one
Security
2013-05-30
andi
According to the discussion at
https://github.com/splitbrain/dokuwiki/commit/0f4e009215bfa3136d334fa557335266637a7585#commitcomment-3319743
we should replace hashes used as secret checksum security mechanism with a HMAC implementation.
2013-05-30
andi
PurePHP version of HMAC
http://www.php.net/manual/en/function.hash-hmac.php#93440
2013-05-30
andi
http://benlog.com/articles/2008/06/19/dont-hash-secrets/
reitereates the point that, md5 and sha1 hashing are not good enough for signature building.
2013-05-30
andi
https://github.com/splitbrain/dokuwiki/pull/226
added
2013-05-31
glen
that dont-hash-secrets points to using HMAC is good, so we are on right track! :)
2013-06-07
andi
007becf8