WeBWorK Main Forum

passwords

Re: passwords

by Jason Aubrey -
Ok, well it looks like this occurs because Perl's crypt() function uses C's crypt function whose default algorithm only looks at the first 8 characters.

It appears that it is possible to use SHA-256 or SHA-512 algorithms in crypt(). This would have the advantage that the encoded version would depend on the user's entire password rather than the first 8 characters. Maybe only cryptPassword() in Utils.pm would have to change? On the other hand, there would have to be some way to be allowed to use the existing encoded password until the user changes it.

Jason
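
The migration discussed in the post above, as an added example that is not part of the original post and is not WeBWorK code: it shows the 8-character truncation of the default crypt() scheme, verifies a stored hash under whichever scheme its prefix indicates, and goes one step further than the post by re-hashing with SHA-512 on a successful login. It assumes a platform crypt() that supports both the traditional DES scheme and the `$6$` prefix (as glibc does); all sub names are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not WeBWorK code. Assumes the platform crypt() supports
# traditional DES and the "$6$" (SHA-512) prefix; sub names are hypothetical.
use strict;
use warnings;

my @SALT_CHARS = ('.', '/', '0'..'9', 'A'..'Z', 'a'..'z');   # 64 characters

# Build a 16-character salt from the OS random source.
sub random_salt {
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    return join '', map { $SALT_CHARS[ord($_) % 64] } split //, $bytes;
}

# Hash a new password with SHA-512 crypt.
sub hash_password_sha512 {
    my ($clear) = @_;
    my $hash = crypt($clear, '$6$' . random_salt() . '$');
    die "crypt() lacks SHA-512 support"
        unless defined $hash && $hash =~ /^\$6\$/;
    return $hash;
}

# Anything not already stored as "$6$..." should be replaced.
sub needs_upgrade { return $_[0] !~ /^\$6\$/ }

# Verify against the scheme the stored hash uses (crypt() reads the salt
# and scheme from the stored value). Returns (ok, new_hash); new_hash is
# defined only when the caller should store a replacement.
sub verify_and_upgrade {
    my ($clear, $stored) = @_;
    my $computed = crypt($clear, $stored);
    return (0, undef) unless defined $computed && $computed eq $stored;
    return (1, needs_upgrade($stored) ? hash_password_sha512($clear) : undef);
}

# Constructed sample: a legacy hash made with a fixed two-character salt.
my $legacy = crypt('correcthorse', 'ab');
die "crypt() lacks traditional DES support" unless defined $legacy;

# The legacy scheme ignores everything past character 8.
my ($trunc_ok) = verify_and_upgrade('correcthXXXX', $legacy);
print "legacy hash accepts truncated match: $trunc_ok\n";

# Existing users still log in; the returned hash covers the full password.
my ($ok, $new) = verify_and_upgrade('correcthorse', $legacy);
my ($ok2) = verify_and_upgrade('correcthXXXX', $new);
print "legacy login ok: $ok, truncated match after upgrade: $ok2\n";
```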