I am doing bulk uploading for our library patrons for the first time. I set a default password for all my patrons to be 1234 which they can change on their own at the OPAC page. Please, I will like to know exact MD5 hash conversation for this number or precisely how I can decode md5 hash encryption.

Sent from Samsung Mobile
Hi,

On Mon, Feb 17, 2014 at 9:19 AM, geromoselle <geromoselle@yahoo.com> wrote:
> I am doing bulk uploading for our library patrons for the first time. I set a default password for all my patrons to be 1234 which they can change on their own at the OPAC page. Please, I will like to know exact MD5 hash conversation for this number or precisely how I can decode md5 hash encryption.

What version of Koha are you using? Note that starting with 3.14, Crypt::Eksblowfish::Bcrypt rather than Digest::MD5 is used to hash the passwords.

If you load the patron records using the built-in patron import tool, you can supply the password in plaintext in the CSV file or as a default value and it will hash it appropriately.

If you are using a version of Koha prior to 3.14 and are inserting the patron records directly into the database, the following one-liner will calculate the hash for you:

    perl -MDigest::MD5 -e 'print Digest::MD5::md5_base64("THEPASSWORD"), "\n"'

For Koha 3.14 or later, this will do it:

    perl -MKoha::AuthUtils -e 'print Koha::AuthUtils::hash_password("THEPASSWORD"), "\n"'

Note that this way of calling hash_password() will generate a new random salt each time it is used.

Regards,

Galen
--
Galen Charlton
Manager of Implementation
Equinox Software, Inc. / The Open Source Experts
email: gmc@esilibrary.com
direct: +1 770-709-5581
cell: +1 404-984-4366
skype: gmcharlt
web: http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org
> I will like to know exact MD5 hash conversation for this number

81dc9bdb52d04dc20036dbd8313ed055

Just be warned: there are different ways of formatting that result, and it assumes no salt. Best practices for authentication are to prepend a per-user salt before creating each hash value. And really, best practices say not to use md5 for passwords at all. It's too weak, almost to the point where you may just as well store your passwords in plain text. A better option is bcrypt, which is now supported by Koha.

> how I can decode md5 hash encryption

Hashes are not encryption. The difference between a hash and encryption is that hashes are *one way*: *they cannot be decrypted/decoded*.

Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoehoorn@york.edu

*The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society*

On Mon, Feb 17, 2014 at 11:19 AM, geromoselle <geromoselle@yahoo.com> wrote:
> I am doing bulk uploading for our library patrons for the first time. I set a default password for all my patrons to be 1234 which they can change on their own at the OPAC page. Please, I will like to know exact MD5 hash conversation for this number or precisely how I can decode md5 hash encryption.
>
> Sent from Samsung Mobile

_______________________________________________
Koha mailing list http://koha-community.org
Koha@lists.katipo.co.nz
http://lists.katipo.co.nz/mailman/listinfo/koha
Hi,

On Mon, Feb 17, 2014 at 9:35 AM, Coehoorn, Joel <jcoehoorn@york.edu> wrote:
>> I will like to know exact MD5 hash conversation for this number
>
> 81dc9bdb52d04dc20036dbd8313ed055

That won't work, actually -- Koha used md5_base64(), not md5_hex(), when generating the hash.

> Just be warned: there are different ways of formatting that result, and it assumes no salt. Best practices for authentication are to prepend a per-user salt before creating each hash value. And really, best practices say not to use md5 for passwords at all. It's too weak, almost to the point where you may just as well store your passwords in plain text. A better option is bcrypt, which is now supported by Koha.

Indeed. I want to reinforce this and recommend that folks setting up new Koha databases use 3.14 in order to take advantage of much better user password encryption.

Regards,

Galen
--
Galen Charlton
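
The storage formats discussed in this thread (unsalted md5_base64() before Koha 3.14, the md5_hex() form that does not match it, and salted bcrypt from 3.14 on) can be told apart by shape, which lets an administrator audit an export of stored values. This is an added example, not code from the thread or from Koha; the `classify` and `audit` helpers, the patron ids and the sample rows are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex md5_base64);

my $DEFAULT = '1234';    # default password mentioned in the thread

# Guess how a stored value was produced from its shape alone (hypothetical helper).
sub classify {
    my ($stored) = @_;
    return 'bcrypt'     if $stored =~ m!\A\$2[abxy]?\$\d\d\$[./A-Za-z0-9]{53}\z!;
    return 'md5_base64' if $stored =~ m!\A[A-Za-z0-9+/]{22}\z!;
    return 'md5_hex'    if $stored =~ m!\A[0-9a-fA-F]{32}\z!;
    return 'unknown';
}

# Unsalted MD5 gives every patron with the same password the same stored
# value, so a string comparison finds the default. Salted bcrypt values
# differ per record and cannot be matched this way.
sub audit {
    my (@rows) = @_;
    my %default = (md5_base64 => md5_base64($DEFAULT), md5_hex => md5_hex($DEFAULT));
    my @findings;
    for my $row (@rows) {
        my ($id, $stored) = @$row;
        my $kind = classify($stored);
        my $cmp  = $kind eq 'md5_hex' ? lc $stored : $stored;
        my @issues;
        push @issues, 'legacy unsalted MD5' if $kind =~ /\Amd5/;
        push @issues, 'hex encoding, not the base64 form Koha compares against'
            if $kind eq 'md5_hex';
        push @issues, 'default password unchanged'
            if exists $default{$kind} && $cmp eq $default{$kind};
        push @findings, [$id, $kind, @issues ? join('; ', @issues) : 'ok'];
    }
    return @findings;
}

# Constructed sample rows: [patron id, stored password value].
my @rows = (
    [101, md5_base64($DEFAULT)],                  # pre-3.14 style, default
    [102, '81dc9bdb52d04dc20036dbd8313ed055'],    # hex value quoted in the thread
    [103, md5_base64('constructed-other-value')], # pre-3.14 style, changed
    [104, '$2a$08$' . ('x' x 53)],                # bcrypt-shaped placeholder, not a real hash
);

printf "%-4s %-11s %s\n", @$_ for audit(@rows);
```

Rows classified as `bcrypt` are reported as ok by this shape check only; confirming that such an account no longer uses the default password requires verifying the candidate against that record's own salt.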