From 3de8d24697511fe324cae2526eb65d6aafb5968b Mon Sep 17 00:00:00 2001
From: Yorhel <git@yorhel.nl>
Date: Sun, 1 Nov 2015 10:37:56 +0100
Subject: Removed support for sha256-hashed passwords

They had to be deleted from the database at some point, otherwise we
still have thousands of easily-cracked password hashes in the database.

Note that I could have opted to use scrypt on top of the sha256 hashes
so the passwords would remain secure without needing to reset
everything, but doing that after one year of switching to scrypt is
likely not worth it. Everyone who still actively uses his account has
already been converted to scrypt, everyone else should just reset their
password whevener they decide to come back.
---
 data/config_example.pl | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'data/config_example.pl')

diff --git a/data/config_example.pl b/data/config_example.pl
index b1e405ce..96f003fc 100644
--- a/data/config_example.pl
+++ b/data/config_example.pl
@@ -17,9 +17,8 @@ package VNDB;
   %S,
   url          => 'http://your.site.root/',
   url_static   => 'http://your.static.site.root/',
-  global_salt  => '<some long unique string>',
-  form_salt    => '<another unique string>',
-  scrypt_salt  => '<yet another unique string>',
+  form_salt    => '<some unique string>',
+  scrypt_salt  => '<another unique string>',
 );
 
 
-- 
cgit v1.2.3