Hi, On Mon, Feb 17, 2014 at 9:35 AM, Coehoorn, Joel <jcoehoorn@york.edu> wrote:
I will like to know exact MD5 hash conversation for this number
81dc9bdb52d04dc20036dbd8313ed055
That won't work, actually -- Koha used md5_base64(), not md5_hex(), when generating the hash.
Just be warned: there are different ways of formatting that result, and it assumes no salt. Best practices for authentication are to prepend a per-user salt before creating each hash value. And really, best practices say not to use md5 for passwords at all. It's too weak, almost to the point where you may just as well store your passwords in plain text. A better option is bcrypt, which is now supported by koha.
Indeed. I want to reinforce this and recommend that folks setting up new Koha databases use 3.14 in order to take advantage of much better user password encryption. Regards, Galen -- Galen Charlton Manager of Implementation Equinox Software, Inc. / The Open Source Experts email: gmc@esilibrary.com direct: +1 770-709-5581 cell: +1 404-984-4366 skype: gmcharlt web: http://www.esilibrary.com/ Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org