Hi!
I just enabled the enhanced security mode as one of my longest wished features. Thanks for implementing it
Now I have a few questions about the detailed functionality:
1. Passwords stored in the accounts table with type "sym" (passwords beginning with "$AES-128-CBC$") and the password in /etc/psa/.psa.shadow are encrypted using the key in /etc/psa/private/secret_key. Is that correct?
2. What are those passwords with type "crypt" in the accounts table? Are those hashed values and if so: what hashing algorithm is used?
3. There are still several unencrypted password in the accounts table, whose type is 'plain'. To what kind of account do those passwords belong and is there a way to encrypt those, too? I wasn't able to find any reference to those account_id's in the database.
Thank you in advance!
Michael
I just enabled the enhanced security mode as one of my longest wished features. Thanks for implementing it
Now I have a few questions about the detailed functionality:
1. Passwords stored in the accounts table with type "sym" (passwords beginning with "$AES-128-CBC$") and the password in /etc/psa/.psa.shadow are encrypted using the key in /etc/psa/private/secret_key. Is that correct?
2. What are those passwords with type "crypt" in the accounts table? Are those hashed values and if so: what hashing algorithm is used?
3. There are still several unencrypted password in the accounts table, whose type is 'plain'. To what kind of account do those passwords belong and is there a way to encrypt those, too? I wasn't able to find any reference to those account_id's in the database.
Thank you in advance!
Michael