XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. Q and A 
  4.  / Using SHA1 instead of md5 for password hashing
Register
1
lukeduff
Using SHA1 instead of md5 for password hashing

  • 2004/6/7 21:22

  • lukeduff

  • Just popping in

  • Posts: 2

  • Since: 2004/6/7 2


I'm importing a few thousand users from another system into XOOPS. I noticed that XOOPS uses md5 to hash passwords, and the system I'm importing from used sha1 to hash.

Can I just hack the couple lines in /include/checklogin.php, /kernel/member.php, lostpass.php, modules/system/admin/users/users.php that mention md5 to sha1 and have everything work? Any other gotchas?
2
Dave_L
Re: Using SHA1 instead of md5 for password hashing

  • 2004/6/7 22:13

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


That sounds reasonable, if you've located all the places in the code that use md5() to encode the user password.

The database column xoops_users.pass would also have to be changed from varchar(32) to varchar(40).
3
lukeduff
Re: Using SHA1 instead of md5 for password hashing

  • 2004/6/8 14:34

  • lukeduff

  • Just popping in

  • Posts: 2

  • Since: 2004/6/7 2


Thanks. I forgot that sha1 hashes were longer.

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

430 user(s) are online (138 user(s) are browsing Support Forums)

Members: 0

Guests: 430

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Aug 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits