final public function hashed($password)
{
    return md5($password);
}
final public function hashed($password)
{
    $salt = "choose";
    $salt2 = "choose";
    return sha1($salt.$password.$salt2);
}
Note that this makes 0 sense unless you save the "random" salt somewhere. You can improve it by generating random salt per user.
If you want to change the existing password hash algorithm, just create a new column "password_v2" and when the user logs in, empty the old md5 poop.
You can improve it by generating random salt per user
Moved to tutorials; however, this is no rocket science.
This barely increases security for users. Both MD5 and SHA1 are deprecated and considered unsafe for use due to practical collision attacks on them.
Hello!
You can improve security for your users:
Open class.core.php
REPLACE
Code:
final public function hashed($password)
{
    return md5($password);
}
with
Code:
final public function hashed($password)
{
    $salt = "choose";
    $salt2 = "choose";
    return sha1($salt.$password.$salt2);
}
In $salt and $salt2, insert a random word, for example:
$salt = "549ut85fneif(%&495u8";
$salt2 = "5y8j4g89jndfsaui080??";
NB: If you can't log in because the error "Password incorrect" appears, you need to update all passwords from the md5-only encryption to the new encryption.
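
The per-user salt and "password_v2" migration suggested in the replies above, as an added example that is not code from the thread or from the CMS it discusses. It uses PHP's built-in password_hash(), which generates a random salt for every hash and stores it inside the hash string; the $user array standing in for a database row and the function name verifyAndUpgrade are assumptions.

```php
<?php
// Added example: upgrade-on-login migration from md5() to password_hash().
// $user stands in for one database row (assumption). "password" holds the
// legacy md5 hex digest, "password_v2" the new salted hash (NULL until migrated).

function verifyAndUpgrade(array &$user, string $password): bool
{
    // Already migrated: only the new hash is accepted.
    if ($user['password_v2'] !== null) {
        if (!password_verify($password, $user['password_v2'])) {
            return false;
        }
        // Re-hash when the default algorithm or cost has changed since storage.
        if (password_needs_rehash($user['password_v2'], PASSWORD_DEFAULT)) {
            $user['password_v2'] = password_hash($password, PASSWORD_DEFAULT);
        }
        return true;
    }

    // Legacy row: constant-time comparison against the old unsalted md5 digest.
    if ($user['password'] === null
        || !hash_equals($user['password'], md5($password))) {
        return false;
    }

    // Password was correct: store a salted hash and empty the old column.
    $user['password_v2'] = password_hash($password, PASSWORD_DEFAULT);
    $user['password'] = null;
    return true;
}

// Constructed sample row: a legacy account whose password is "hunter2".
$user = ['username' => 'demo', 'password' => md5('hunter2'), 'password_v2' => null];

var_dump(verifyAndUpgrade($user, 'wrong'));   // wrong password, row left untouched
var_dump(verifyAndUpgrade($user, 'hunter2')); // correct password, row is migrated
var_dump($user['password']);                  // legacy column after migration
var_dump(verifyAndUpgrade($user, 'hunter2')); // now verified against password_v2

// Hashing the same password twice gives different strings, because each
// call to password_hash() embeds its own random salt.
var_dump(password_hash('hunter2', PASSWORD_DEFAULT) === password_hash('hunter2', PASSWORD_DEFAULT));
```

Accounts that never log in again keep their md5 hash in the old column, so a real deployment needs a cutoff after which those rows are forced through a password reset.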