(perhaps this should be a different function?). Anyway, this means less diskspace
is needed (~1.5mb or more), and it also makes it a bit easier for RBAC (#2300).
- Made a new function DoMD5() which is ssl/non-ssl independent. Also made the cloaking
module and the auth functions use it. Hopefully I didn't break anything ;). Suggested
by Bugz (#2298).
attacks (eg: rainbow) and prevents cracking of several passwords at once.
This change means /MKPASSWD will now just generate a different string than before.
Do note however, that the old syntax/encrypted passwords will still work and _will continue
to work_ in the future, for at least the whole 3.2* series.
If you are concerned with security and have some time, then converting your passwords
is probably a good idea... Just in case your configuration file gets stolen one day ;).
- MD5 password encryption is now always available on *NIX, even if SSL is disabled.
random numbers. We will also no longer be using rand()/random() anywhere.
Thanks to dek\ for pointing out this is potentionally dangerous, especially on
win32 with NOSPOOF enabled.