... | ... | @@ -1269,7 +1269,9 @@ reasons: |
|
|
communicated over OpenPGP_encrypted email but stored in LDAP in
|
|
|
cleartext. There is a "hack" present in the web interface to
|
|
|
enforce MD5 passwords on logins, and the mail interface also has
|
|
|
MD5 hardcoded for password resets.
|
|
|
MD5 hardcoded for password resets. Blowfish and HMAC-SHA-1 are also
|
|
|
used to store and authenticate (respectively) LDAP passwords in the
|
|
|
web interface. MD5 is used to hash usernames.
|
|
|
|
|
|
* **rolls its own crypto**: ud-ldap ships its own wrapper around GnuPG,
|
|
|
implementing the (somewhat arcane) commandline dialect. it has not
|
... | ... | |
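Review bot: The added sentence "Blowfish and HMAC-SHA-1 are also used to store and authenticate (respectively) LDAP passwords in the web interface" does not say whether Blowfish is used as a reversible cipher or as a Blowfish-based password hash, and it sits directly after the statement about cleartext storage in LDAP without explaining how the two fit together. Suggest stating where the web interface keeps the Blowfish-protected copy and what the HMAC-SHA-1 is computed over. The new "MD5 is used to hash usernames" should likewise say what the hash is used for, so a reader can judge whether MD5's weaknesses matter there. While this paragraph is being touched, the context line's "OpenPGP_encrypted" looks like a typo for "OpenPGP-encrypted".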