[Koha] MD5 hash password encryption
Galen Charlton
gmc at esilibrary.com
Tue Feb 18 06:39:25 NZDT 2014
Hi,
On Mon, Feb 17, 2014 at 9:35 AM, Coehoorn, Joel <jcoehoorn at york.edu> wrote:
>> I will like to know exact MD5 hash conversation for this number
>
> 81dc9bdb52d04dc20036dbd8313ed055
That won't work, actually -- Koha used md5_base64(), not md5_hex(),
when generating the hash.
> Just be warned: there are different ways of formatting that result, and it
> assumes no salt. Best practices for authentication are to prepend a
> per-user salt before creating each hash value. And really, best practices
> say not to use md5 for passwords at all. It's too weak, almost to the point
> where you may just as well store your passwords in plain text. A better
> option is bcrypt, which is now supported by Koha.
Indeed. I want to reinforce this and recommend that folks setting up
new Koha databases use 3.14 in order to take advantage of much better
user password encryption.
Regards,
Galen
--
Galen Charlton
Manager of Implementation
Equinox Software, Inc. / The Open Source Experts
email: gmc at esilibrary.com
direct: +1 770-709-5581
cell: +1 404-984-4366
skype: gmcharlt
web: http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org
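
The encoding difference pointed out in the reply above, as an added example that is not part of the original message or of Koha's code: it re-encodes the hex digest from the thread into the unpadded form that Perl's md5_base64() produces, then classifies stored values by shape to find accounts still on unsalted MD5. The function names, the `$2` bcrypt prefix check, the UTF-8 input encoding and the sample rows are assumptions made for this illustration.

```python
import base64
import binascii
import hashlib

HEX_FROM_THREAD = "81dc9bdb52d04dc20036dbd8313ed055"  # md5_hex form quoted in the thread

def hex_to_md5_base64(hex_digest):
    """Re-encode an MD5 hex digest the way Perl's md5_base64() prints it."""
    raw = binascii.unhexlify(hex_digest)
    if len(raw) != 16:
        raise ValueError("an MD5 digest is exactly 16 bytes")
    # Digest::MD5's md5_base64() returns 22 characters, without '=' padding.
    return base64.b64encode(raw).decode("ascii").rstrip("=")

def legacy_md5_base64(password):
    """Unsalted MD5 of a password in md5_base64() form (UTF-8 input assumed)."""
    return hex_to_md5_base64(hashlib.md5(password.encode("utf-8")).hexdigest())

def classify_stored_hash(value):
    """Guess the scheme of a stored password value from its shape alone."""
    if value.startswith("$2"):  # assumption: crypt-style bcrypt prefix
        return "bcrypt"
    if len(value) == 22:
        try:
            if len(base64.b64decode(value + "==", validate=True)) == 16:
                return "md5_base64"
        except ValueError:
            pass
    if len(value) == 32:
        try:
            binascii.unhexlify(value)
            return "md5_hex"
        except ValueError:
            pass
    return "unknown"

def accounts_needing_rehash(rows):
    """Return the ids of accounts whose stored value is not bcrypt."""
    return [uid for uid, stored in rows if classify_stored_hash(stored) != "bcrypt"]

if __name__ == "__main__":
    # Constructed sample rows (user id, stored password value), not real data.
    rows = [("alice", hex_to_md5_base64(HEX_FROM_THREAD)),
            ("bob", HEX_FROM_THREAD),
            ("carol", "$2a$08$" + "x" * 53)]
    print(hex_to_md5_base64(HEX_FROM_THREAD))
    print(accounts_needing_rehash(rows))
```

Both MD5 encodings carry the same 16 digest bytes, so neither is stronger than the other; only the bcrypt rows are in the state the thread recommends.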