Changing hash method
nshusa
New
Is there currently a way we can change the default hash algorithm instead of using the "Vanilla Hash"?
0
Comments
The question is why would you want to?
Yes, you can define the PasswordHash class so it is included earlier than the autoloader, so it gets extended by Gdn_PasswordHash with the required methods HashPassword and CheckPassword. However, phpass used by is stronger than the one used by wordpress and uses blowfish encryption as well. Unless you are an expert on hashes and cryptography, you are unlikely to better it. It is best not messed with.
The other hashes included for compatibility with other frameworks are generally weaker.
Remember that SSO is a different animal.
grep is your friend.
Because I previously had forum integration with my game. I used IPB and by default they use blowfish, so I have the implementation all set up for blowfish. If I were to keep "Vanilla" as the default hash, I would need a Java implementation of it to use it in my server.
The logical thing to do would be to use Vanilla as the authority in an SSO arrangement.
I don't know if ipb uses blowfish. Looking at the method used in garden, it is of the form
md5(md5($salt).md5($password));
which isn't as good as blowfish.
Note that while some hashes are transportable, it is not a good mode of thinking to think of hashes as necessarily transferable.
Btw, Java has a fork of phpass
https://github.com/Mollom/phpass-java
grep is your friend.
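Added example, not part of any post above and not Vanilla's or IPB's own code: one way to accept records stored in the md5(md5($salt).md5($password)) form quoted in the thread and replace them with bcrypt on the next successful login. The function names, the record layout and the sample salt and password are assumptions constructed for illustration; it assumes PHP 7.1 or later and that non-legacy records were produced by password_hash().

```php
<?php
// Constructed example: function names and sample values are hypothetical.

// Legacy digest in the form quoted in the thread: md5(md5($salt).md5($password)).
function legacy_digest(string $salt, string $password): string
{
    return md5(md5($salt) . md5($password));
}

// Checks a login attempt against a stored record.
// Returns [bool $ok, ?string $replacement]; $replacement is a bcrypt hash
// to write back to the user record, or null when nothing needs to change.
function verify_and_upgrade(string $password, string $stored, ?string $salt): array
{
    // A bare 32-character hex string is treated as a legacy MD5 record.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        if ($salt === null) {
            return [false, null]; // a legacy record cannot be checked without its salt
        }
        // hash_equals() compares in constant time.
        $ok = hash_equals($stored, legacy_digest($salt, $password));
        // Only on success do we hold the plaintext needed to re-hash.
        return [$ok, $ok ? password_hash($password, PASSWORD_BCRYPT) : null];
    }

    // Anything else is assumed to be a crypt()-style hash such as bcrypt.
    $ok = password_verify($password, $stored);
    $replacement = ($ok && password_needs_rehash($stored, PASSWORD_BCRYPT))
        ? password_hash($password, PASSWORD_BCRYPT)
        : null;
    return [$ok, $replacement];
}

// Constructed sample record in the legacy format.
$salt   = 'a1b2c';
$stored = legacy_digest($salt, 'correct horse');

[$ok, $replacement] = verify_and_upgrade('correct horse', $stored, $salt);
if ($ok && $replacement !== null) {
    $stored = $replacement; // persist the bcrypt hash; the salt column is no longer needed
}

// The upgraded record now verifies through the bcrypt branch.
[$okAgain, $second] = verify_and_upgrade('correct horse', $stored, null);
var_dump($ok, $okAgain, $second === null);
```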