Can’t log in to your Drupal 7.x-dev installation? Run update.php to update the password hashes. There is a new password hashing algorithm in core that provides better protection from rainbow tables.
Comments
I dare you all to read the whole thread….
Anyhow, the new algorithm should provide total protection against Rainbow tables (i.e. pre-computed tables) since there’s a 6 byte random salt for each password, though obviously a weak password can still be cracked by running likely passwords through the hash algorithm.
Also, note that the patch includes a new script to generate via the CLI a hash for a given password, in case you need to go into the DB and change a password to a known value.
Agreed. While reading the entire thread can take some time (after all, there are 270 followups…), it is definitely worth it. You’ll get a lot of in-depth knowledge about why this step is necessary and why “simple” salting isn’t enough to be future-proof.
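The point made in the comments above, as an added example that is not part of the original post and is not Drupal's own code: a per-password random salt makes a precomputed table useless, while a weak password still verifies when tried directly. Only the 6-byte random salt comes from the page; the iterated SHA-512 construction, the iteration count, the storage format and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

SALT_BYTES = 6          # per-password salt size named in the comment above
ITERATIONS = 1 << 15    # assumed stretching count for this sketch
COMMON = ["123456", "password", "letmein"]  # constructed sample list


def _stretch(password: str, salt: bytes, iterations: int) -> bytes:
    """Iterated SHA-512 over salt and password (stand-in construction)."""
    pw = password.encode("utf-8")
    digest = hashlib.sha512(salt + pw).digest()
    for _ in range(iterations):
        digest = hashlib.sha512(digest + pw).digest()
    return digest


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'iterations$salt_hex$digest_hex', using a fresh random salt."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = _stretch(password, salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = _stretch(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def precomputed_table(words):
    """Unsalted SHA-512 lookup table, the kind of table a salt invalidates."""
    return {hashlib.sha512(w.encode()).hexdigest(): w for w in words}


def table_hit(stored: str, table: dict) -> bool:
    """True if the stored digest appears in a precomputed table."""
    return stored.split("$")[2] in table


def audit_weak(stored: str, common=COMMON) -> Optional[str]:
    """Defender-side audit: the salt is stored in the clear, so any
    password on a common list still verifies when tried directly."""
    return next((w for w in common if verify_password(w, stored)), None)
```

Two accounts with the same password get different stored strings, and neither digest appears in the precomputed table; `audit_weak` still finds a listed password, which is why the iteration count and password strength matter in addition to the salt.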