Document limitations of minetest.get_password_hash

author est31 <MTest31@outlook.com>

Wed, 2 Dec 2015 17:26:09 +0000 (18:26 +0100)

committer est31 <MTest31@outlook.com>

Wed, 2 Dec 2015 17:32:14 +0000 (18:32 +0100)
author est31 <MTest31@outlook.com>
Wed, 2 Dec 2015 17:26:09 +0000 (18:26 +0100)
committer est31 <MTest31@outlook.com>
Wed, 2 Dec 2015 17:32:14 +0000 (18:32 +0100)
diff --git a/doc/lua_api.txt b/doc/lua_api.txt

index 11f90ba037840192c2f1f2a540557f0d95d66f7e..4799a30fa00f32baf42290b28174ee100db292bf 100644 (file)
--- a/doc/lua_api.txt
+++ b/doc/lua_api.txt
@@ -1921,7 +1921,11 @@ Call these functions only at load time!
      * Should be called by the authentication handler if privileges changes.
      * To report everybody, set `name=nil`.
  * `minetest.get_password_hash(name, raw_password)`
-    * Convert a name-password pair to a password hash that Minetest can use
+    * Convert a name-password pair to a password hash that Minetest can use.
+    * The returned value alone is not a good basis for password checks based
+    * on comparing the password hash in the database with the password hash
+    * from the function, with an externally provided password, as the hash
+    * in the db might use the new SRP verifier format.
  * `minetest.string_to_privs(str)`: returns `{priv1=true,...}`
  * `minetest.privs_to_string(privs)`: returns `"priv1,priv2,..."`
      * Convert between two privilege representations
author	est31 <MTest31@outlook.com>
	Wed, 2 Dec 2015 17:26:09 +0000 (18:26 +0100)
committer	est31 <MTest31@outlook.com>
	Wed, 2 Dec 2015 17:32:14 +0000 (18:32 +0100)