* Created Account->encrypt_password() for creating encrypted hashes of passwords. Set the default algorithm to sha256, a ~16 byte random salt and 500,000 re-encryptions (which takes a total of about 0.7 seconds on an Intel i7-6820HQ CPU).
* Added user_algorithm and user_hash_count to the new users database table so that we can remember how a hash was generated, should it be changed down the road.
* Made the salt length configurable by the user (as well as the algorithm and loop count).
Signed-off-by: Digimer <digimer@alteeve.ca>
@ -250,6 +250,7 @@ The database connection error was:
<keyname="log_0168">Failed to create the directory: [#!variable!directory!#]. The error (if any) was: [#!variable!error!#].</key>
<keyname="log_0168">Failed to create the directory: [#!variable!directory!#]. The error (if any) was: [#!variable!error!#].</key>
<keyname="log_0169">Failed to copy the file: [#!variable!source_file!#] to: [#!variable!target_file!#] on the target: [#!variable!target!#] as: [#!variable!remote_user!#]. The error (if any) was: [#!variable!error!#] and the output (if any) was: [#!variable!output!#].</key>
<keyname="log_0169">Failed to copy the file: [#!variable!source_file!#] to: [#!variable!target_file!#] on the target: [#!variable!target!#] as: [#!variable!remote_user!#]. The error (if any) was: [#!variable!error!#] and the output (if any) was: [#!variable!output!#].</key>
<keyname="log_0170"><![CDATA[[ Note ] - The method Storage->copy_file() was asked to copy: [#!variable!source_file!#] to: [#!variable!target_file!#], but the target's parent directory doesn't exist and we were unable to create it.]]></key>
<keyname="log_0170"><![CDATA[[ Note ] - The method Storage->copy_file() was asked to copy: [#!variable!source_file!#] to: [#!variable!target_file!#], but the target's parent directory doesn't exist and we were unable to create it.]]></key>
<keyname="log_0171"><![CDATA[[ Error ] - The method: Account->encrypt_password() tried to use the algorithm: [#!variable!algorithm!#], which is not recognized. Only 'sha256', 'sha384' and 'sha512' are currently supported. The desired algorithm can be set via 'sys::password::algorithm'.]]></key>
<!-- Test words. Do NOT change unless you update 't/Words.t' or tests will needlessly fail. -->
<!-- Test words. Do NOT change unless you update 't/Words.t' or tests will needlessly fail. -->
user_passwordtext,-- A user without a password is disabled.
user_passwordtext,-- A user without a password is disabled.
user_salttext,-- This is used to enhance the security of the user's password.
user_salttext,-- This is used to enhance the security of the user's password.
user_algorithmtext,-- This is the algorithm used to encrypt the password and salt.
user_hash_counttext,-- This is the number of times that the password+salt was re-hashed through the algorithm.
user_languagetext,-- If set, this will choose a different language over the default.
user_languagetext,-- If set, this will choose a different language over the default.
user_is_adminbooleannotnulldefaultfalse,-- If true, all aspects of the program are available to the user.
user_is_adminbooleannotnulldefaultfalse,-- If true, all aspects of the program are available to the user.
user_is_experiencedbooleannotnulldefaultfalse,-- If true, user is allowed to delete a server, alter disk size, alter hardware and do other potentially risky things. They will also get fewer confirmation dialogues.
user_is_experiencedbooleannotnulldefaultfalse,-- If true, user is allowed to delete a server, alter disk size, alter hardware and do other potentially risky things. They will also get fewer confirmation dialogues.