http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611
Mason James <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #15517|0 |1 is obsolete| | --- Comment #24 from Mason James <[email protected]> --- Created attachment 15518 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=15518&action=edit Bug 9611 - Changing the hashing algorithm from MD5 to Bcrypt What this patch aims to accomplish? * All new passwords are stored as Bcrypt-hashes * For password verification: - If the user was created before this patch was applied then use MD5 to hash the entered password <-- backwards compatibility - If the user was created after this patch was applied then use Bcrypt to hash the entered password * Any password change will be automatically Bcrypt-hashed, this applies to old members whose passwords were stored as MD5 hashes previously Test plan: 1) Add new users and check whether their passwords are stored as Bcrypt hashes or not 2) To test that authentication works for both old as well as new members a) Login as an existing user whose password is stored as a MD5 hash b) Login as an existing user whose password is stored as a Bcrypt hash 3) Change the password of an existing member whose password is stored as an MD5 hash a) Check the new password is stored as a Bcrypt-hash in the database b) Try to login with the new password Signed-off-by: Bernardo Gonzalez Kriegel <[email protected]> Comment: Work as described. Small tabulation errors fixed in followup. Test with patches 1-3 applied, run updatedatabase 1) Old user can login 2) New user can login 3) User with updated password can login 4) Inspection of DB shows different passwords length Signed-off-by: Mason James <[email protected]> -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
