Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
Icecast-Server
Icecast-Server
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 94
    • Issues 94
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 1
    • Merge Requests 1
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • External Wiki
    • External Wiki
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Xiph.Org
  • Icecast-ServerIcecast-Server
  • Issues
  • #2010

Closed
Open
Opened Mar 16, 2014 by Thomas B. Rücker@tbr😊Owner

Improve Icecast htpasswd hash storage security

Currently Icecast uses unsalted md5 hashes of passwords. Once an attacker obtains access to those the risk is high that simple passwords will be broken by simple md5 look-up through web search.

We should move to using bcrypt, as it's license permits us to incorporate it, also it should allow us to be compatible with the standard htpasswd(1) manipulation tool.

In the meanwhile using forwarded http authentication potentially offers higher security by deferring authentication to another http server.

Assignee
Assign to
Icecast 2.5.0
Milestone
Icecast 2.5.0
Assign milestone
Time tracking
None
Due date
None
Reference: xiph/icecast-server#2010