widelands-dev team mailing list archive

Thread
Date

Re: [Merge] lp:~widelands-dev/widelands/net-pwd-security into lp:widelands

To: mp+340540@xxxxxxxxxxxxxxxxxx
From: Notabilis <notabilis27@xxxxxx>
Date: Sat, 03 Mar 2018 15:38:02 -0000
In-reply-to: <152001843591.21633.9861033376107751758.launchpad@ackee.canonical.com>
Reply-to: mp+340540@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Thanks for the review. Reading the config has been fixed. Dropping the close() call is on purpose, it is done automatically in the desctructor of the class.

As secure hash algorithms we could use SHA-2 (over 10 years old but unbroken) or SHA-3 (relatively new, uses different approach). For the website we are using hashlib which seems to support both. Updating the database would probably be messy, though.

A C++ implementation is more of a problem. There are some small repositories where the algorithms are implemented in single files which could easily be integrated into widelands. The problem here is that I guess they never received any review so it might not be secure to use them. Preferably would be a tested library like OpenSSL but that would mean a further dependency for widelands. I haven't tried to extract the needed files out of it yet. (One advantage of SHA-1: It is included in boost.)
-- 
https://code.launchpad.net/~widelands-dev/widelands/net-pwd-security/+merge/340540
Your team Widelands Developers is subscribed to branch lp:~widelands-dev/widelands/net-pwd-security.

References

[Merge] lp:~widelands-dev/widelands/net-pwd-security into lp:widelands
From: Notabilis, 2018-03-02