X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;ds=sidebyside;f=doc%2FTODO;h=95ccf36ac55f8cca2f51948a718051ceebd0a51a;hb=94c8f5b3e574715cc692f8a92f8d332e0c55804a;hp=076fd2d0d19dc3698c4a42158b0cbef2f53fd678;hpb=bb6232c50bb6e0ecb5cb5317f1b2ae7f5e861710;p=mirrors%2FKyberia-bloodline.git

diff --git a/doc/TODO b/doc/TODO
index 076fd2d..95ccf36 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,11 +1,10 @@
 - User mail is not working
- (mail seems to be stored in db,
-  error is probably somewhere in template
-  1549888.tpl, 1549887.tpl or 25.tpl )
+ (seems to be fixed, but we still can't delete the mails...)
   Anyway move whole mail handling out of nodes.php (?)
 
 - Registration process is not working
   (rewrite sending of reg. mails) (TEST)
+  (during registration we should generate GnuPG keypair to user_gpg_prv and user_gpg_pub fields in table users)
 
 - SQL injections (many fixed, but some should be still there)
 
@@ -51,9 +50,5 @@
 - Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...)
 
 - (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
-  (We can use multiple hash algorithms (so we'll have backward DB compatibility):
-		{SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e
-		{SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735
-		5b077a0ab90992d9763c5b120b22c9d7
-  ) Harvie
-
+  (We really need this... I've cracked Hromi's password in few seconds (even when it was relatively secure))
+  (I've implemented this partially. We can now login using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB)