Page is a not externally linkable
- Code, Content, and Presentation
-- Content Management
---- Lost Joomla Login
coopster - 3:36 pm on Feb 9, 2011 (gmt 0)FIPS 180-3 Secure Hash Standard (SHS)
Most of the moves are for political reasons, imagine that. For example, back in 2006 NIST released this Policy on Hash Functions [csrc.nist.gov]. But most of the hoopla and discussion is centered around documents released in 2008, particularly
FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC)
You can read them on the FIPS Publications [csrc.nist.gov] page.
The hash ("encrypted") value of a password merely masks the plain text version in some form or another. Once a person has gained access to the files, they already have everything they need, on that particular site anyway. The reasoning given for some of this is that in the event somebody has this much information and is able to reverse engineer the password, now they have the plain text version along with other details of a user including name, address, username, etc. This information could be used on other sites that the user visits or uses such as online banking perhaps. You start to get the picture.
The problem that content management systems are running into is cross-application security. If one CMS changes it's hashing mechanism, but another does not, the single-sign-on feature breaks.
Thread source:: http://www.webmasterworld.com/content_management/4264064.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com