Installer: cleaned up CSS header; updated comments in config.php to not say that passwords are stored with AES (as they are now stored with HMAC-SHA1)
--- a/install/images/css/installer.css Sat Dec 12 16:45:52 2009 -0500
+++ b/install/images/css/installer.css Sat Dec 12 17:30:46 2009 -0500
@@ -1,7 +1,6 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.1.1
- * Copyright (C) 2006-2007 Dan Fuhry
+ * Copyright (C) 2006-2009 Dan Fuhry
* Installation package
* installer.css - visual styling rules for the installer
*
--- a/install/includes/payload.php Sat Dec 12 16:45:52 2009 -0500
+++ b/install/includes/payload.php Sat Dec 12 17:30:46 2009 -0500
@@ -253,9 +253,12 @@
define('ENANO_CONSTANTS', '');
}
-// The AES encryption key used to store passwords. We have a very specific
-// reason for doing this; see the rationale at:
+// The AES encryption key used for encrypting various bits of information,
+// such as cookies, that should not be editable by users. Read about
+// Enano's security model at:
// http://docs.enanocms.org/Help:Appendix_B
+// This key was at one point used for passwords as well, but this is no
+// longer true.
\$crypto_key = '$site_key';
EOF;