Arc currently outsources password hashing to the openssl command. On Ubuntu 10.04: $ dpkg -l |grep openssl
ii openssl 0.9.8k-7ubuntu8.13
$ echo a |openssl dgst -md5
60b725f10c9c85c70d97880dfe8191b3
On Ubuntu 12.04: $ dpkg -l |grep openssl
ii openssl 1.0.1-4ubuntu5.5
$ echo a |openssl dgst -md5
(stdin)= 60b725f10c9c85c70d97880dfe8191b3
Any suggestions on how we should deal with this? Pick a different digest implementation? Does racket provide a library for digests? Or should we do some hacky stdout munging?Also, arc currently uses sha1, and I updated anarki to switch to sha512. This will break existing passwords. |