dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2cf145a) | patch
Fix interpretation of "A-type" password hashes
authorTim Starling <tstarling@wikimedia.org>
Mon, 14 Nov 2016 05:47:03 +0000 (16:47 +1100)
committerTim Starling <tstarling@wikimedia.org>
Mon, 14 Nov 2016 05:47:03 +0000 (16:47 +1100)
commit7a157e0bea41b7b17c9b4395c6668d9b5b341a96
treeaabca26c695de07b26c8e04541fe8987a434c526tree | snapshot
parent2cf145a4a332ea02e36e286afbb0f6b267ad3f37commit | diff
Fix interpretation of "A-type" password hashes

An A-type hash is an unsalted hash. A B-type hash is a salted hash of
the form md5(salt "-" md5(password)). So it's not correct to have an
A-type hash with a salt. User::comparePasswords() and
CentralAuthUser::getPasswordFromString() already get this right, they
generate :B: prefixes for legacy salted hashes where the salt is not
specified in the database.

Change-Id: Icb809274f9f63641e54daf98332a5646fd58b550
includes/auth/LocalPasswordPrimaryAuthenticationProvider.php diff | blob | history
includes/password/MWOldPassword.php diff | blob | history
Wiklou, le Wiki du Wiklou