Admin password storage and treatment

More
3 years 6 months ago #103856 by FF82
FF82 created the topic: Admin password storage and treatment
In order to use LimeSurvey in our company, our security departement wants to know how storage and treatment of the administrator passwords is done (Hashing algorithm, salt used, how many hashing rounds).
I couldn't find any information about this, is there anybody who can give me this information or knows how to get it?

Please Log in to join the conversation.

More
3 years 6 months ago #103862 by Ben_V
Ben_V replied the topic: Admin password storage and treatment
Hello,

Limesurvey hash the password using SHA256 and the result is stored into the db in a BLOB field.

For `lime_users` original table structure a sample is available here
( username="admin" & password="password" )
.

Benoît

EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
Last Releases => 2.6x.x goo.gl/ztWfIV | 2.06/2.6.x => bit.ly/1Qv44A1
Demo Surveys => goo.gl/HuR6Xe (already included in /docs/demosurveys)

Please Log in to join the conversation.

More
3 years 6 months ago #103882 by FF82
FF82 replied the topic: Admin password storage and treatment
Hi Ben_V,

thank you very much for your help.

Please Log in to join the conversation.

Did you already participate in our customer survey?

Don't miss your chance for great prices.

Please click here to participate:

Start now

Start now!

Just create your account and start using Limesurvey today.

Register now