Comment 4 for bug 1279849

David Stanek (dstanek) wrote :

In my proposed fix I took the stance that we should always be treating user input as untrusted. Just hash it and move on.

The code that checked if the password was already hashed seemed to have been written so that a migration process could use the same API code to move users around.
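
The two behaviours contrasted in this comment, as an added example that is not part of the original comment and is not the project's code: the function names, the `$demo-pbkdf2$` marker and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PREFIX = "$demo-pbkdf2$"   # constructed format marker (assumption, not the project's)
ROUNDS = 100_000           # illustrative work factor


def _derive(password: str, salt: bytes) -> str:
    """Return PREFIX + salt hex + '$' + PBKDF2-HMAC-SHA256 digest hex."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return PREFIX + salt.hex() + "$" + dk.hex()


def hash_always(password: str) -> str:
    """Treat the input as untrusted: hash it whatever it looks like."""
    return _derive(password, os.urandom(16))


def hash_unless_hashed(password: str) -> str:
    """'Before' behaviour: input that looks like a hash is stored verbatim."""
    if password.startswith(PREFIX):
        return password          # caller-supplied string becomes the stored record
    return hash_always(password)


def verify(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        salt_hex, _digest = stored[len(PREFIX):].split("$")
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False
    return hmac.compare_digest(_derive(password, salt), stored)


if __name__ == "__main__":
    # Constructed input: a password that happens to match the hash format.
    lookalike = PREFIX + "aa" * 16 + "$" + "00" * 32
    stored_old = hash_unless_hashed(lookalike)
    stored_new = hash_always(lookalike)
    print("shortcut stored input verbatim:", stored_old == lookalike)
    print("shortcut record verifies:", verify(lookalike, stored_old))
    print("always-hash record verifies:", verify(lookalike, stored_new))
```

With the shortcut, the server never derives the stored value itself, so the record cannot be verified against what the user typed; hashing unconditionally removes that dependence on the shape of the input.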