View Revisions: Issue #22839

Summary 0022839: Deprecate MD5 login method and replace with BCRYPT hash
Revision 2017-05-06 17:35 by dregad
Description

For many years, Mantis has been using MD5 as the default and "best" hashing algorithm to store users' passwords in the database.

Since 2.x requires PHP 5.5.9, we can now use the password_hash() function, which relies on the modern and safe BCRYPT hashing algorithm for better security.

Revision 2017-05-06 17:25 by dregad
Description

For many years, Mantis has been using MD5 as the default and "best" hashing algorithm to store users' passwords in the database.

Since 2.x requires PHP 5.5.9, we can now rely on password_hash() and the modern and safe BCRYPT hashing algorithm for better security.