README.md: 15 additions & 7 deletions
@@ -1,4 +1,5 @@
1
-
#Ikonoshirt_Pbkdf2
1
+
# Ikonoshirt_Pbkdf2
2
+
2
3
Ikonoshirt_Pbkdf2 implements PBKDF2 (http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf) for the basic password hashing in Magento. You have the choice between many hash-algos, iteration-count, key-length, etc. Have a look into the config.xml
3
4
4
5
This module changes by default all passwords of the user AFTER THEIR login to the recommended method for password "hashing" PBKDF2! All password means: Customer, Admin and passwords for the API.
@@ -7,7 +8,13 @@ It is important to understand, that the password is replaced AFTER login. It mea
7
8
8
9
This module should be compatible to Magento EE - the tests run on mage-lite (certification version)
9
10
10
-
##For Developers
11
+
# Installation
12
+
13
+
*CHANGE THIS!*
14
+
prefix: my_magento_store
15
+
16
+
17
+
## For Developers
11
18
12
19
We have overwritten no classes.
13
20
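Review bot: The new "# Installation" section is a top-level heading (the other sections use "##") and contains no installation steps, only "*CHANGE THIS!*" and "prefix: my_magento_store", with no mention of which file the value lives in or what it does. The same pair already appears under "Parameter and Defaults" next to the quoted "S = purpose || rv", so either drop this copy or make it a real step: name the file (the README points to config.xml for settings), say that the prefix is the purpose part of the salt, and state whether it can still be changed once hashes have been stored.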
@@ -18,7 +25,7 @@ I tested everything I thought it is a good idea. If you find a bug, open an issu
18
25
19
26
For found bugs, I use TDD, so first write a test which fails and is ok after the fix.
20
27
21
-
##Thanks
28
+
##Thanks
22
29
23
30
Thanks to thebod for talking all the time about security and teaching a sense for it.
24
31
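Review bot: The "##Thanks" heading is removed and re-added with no visible change, so this is a whitespace-only edit and the heading still lacks the space after "##" that this commit introduces for "# Ikonoshirt_Pbkdf2" and "## For Developers". Apply the same form to all headings ("## Thanks", "## Attention!", "## Parameter and Defaults", "## TODO") so they render consistently.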
@@ -31,9 +38,9 @@ Thanks to Anthony Ferrara who built PHP-CryptLib and provides test vectors for p
31
38
##Attention!
32
39
Don't use it in production before testing! We can't accept any responsability for this code at the moment.
33
40
34
-
This Module changes the password creation and validation of magento. Don't use it in production! My first tests are good and the login for admin and customer works.
41
+
This Module changes the password creation and validation of magento.
35
42
36
-
##Parameter and Defaults
43
+
##Parameter and Defaults
37
44
Iterations used for the PBKDF2, >= 1000 recommended
38
45
This is the main factor to slow down the hashing
39
46
iterations: 10000
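Review bot: Deleting "Don't use it in production! My first tests are good and the login for admin and customer works." under "##Attention!" removes the only statement of what was actually tested, while the line above it still says not to use the module in production before testing and disclaims responsibility. If the module is now considered usable, replace the deleted sentence with what was tested; the old text named admin and customer login and did not mention the API passwords listed at the top of the README. The unchanged line above also has a typo, "responsability".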
@@ -51,12 +58,13 @@ salt_length: 16
51
58
52
59
"Optionally, to avoid any possible interaction between other applications that use a salt, an application-, message- or user-specific variable called purpose may be prefixed to the randomly generated part of the salt as given below;
53
60
S = purpose || rv."
61
+
54
62
CHANGE THIS!
55
63
prefix: my_magento_store
56
64
57
65
If you have a running shop, all password hashes of the user were encrypted with md5.
58
66
You have to activate this option to check for the old hash too.
59
67
check_legacy_hash: 1
60
68
61
-
##TODO
62
-
- Add a admin-formular to change all passwords to new ones and send mails with new passwords
69
+
##TODO
70
+
- Add a admin-formular to change all passwords to new ones and send mails with new passwords
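Review bot: The "##TODO" lines are only rewritten for whitespace, but together with "check_legacy_hash: 1" this is where the README should state the migration consequence: passwords are replaced only after login, so accounts that never log in keep their md5 hash and the legacy check has to stay enabled for them. Add a sentence saying so and when the option can be turned off. Also, "encrypted with md5" should read "hashed with md5", and "admin-formular" should be "admin form".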