Hi guys
I am currently working on setting up password security on a project, and I was wondering how exactly the system works, and thus I have a few questions :)
- I am using SHA512 to hash the passwords, but I am unable to find documentation that describes salting of the password. I have inspected the generated passwords, and can deduce that some sort of manipulation is going on, but I can't seem to sniff out how a salt is generated and/or stored.
- It seems that, even with hashing enabled, it is still possible to add users in the backend with unencrypted passwords, and log in with them. How is the information about which user's password is hashed stored?
- Is it possible to make the "Encrypt password" checkbox in the backend user creation checked by default?
- Does the crypto system in DW iterate when hashing the passwords?
Thanks in advance!
- Ronni