ID: 14390
Title: Automatically update deprectated password hashes
Component: Setup
Level: 1
Class: New feature
Version: 2.2.0i1
Deprecated hashes of user passwords stored in the htpasswd file will now be automatically
updated to a more modern hash format when the respective user logs in.
Specifically, password hashes created with the sha256-crypt algorithm will be udpated to
bcrypt hashes.
sha256-crypt hashes are still considered secure for password hashing.
However, we want to migrate all users' password hashes to the more modern bcrypt
algorithm.
For users whose passwords are hashed with sha256-crypt we can do so automatically in the
background when they authenticate successfully.
Older and less secure password hashes, such as MD5, are not updated automatically.
Show replies by date