Hi, On Mon, Feb 17, 2014 at 9:35 AM, Coehoorn, Joel <[email protected]> wrote: >> I will like to know exact MD5 hash conversation for this number > > 81dc9bdb52d04dc20036dbd8313ed055
That won't work, actually -- Koha used md5_base64(), not md5_hex(), when generating the hash. > Just be warned: there are different ways of formatting that result, and it > assumes no salt. Best practices for authentication are to prepend a > per-user salt before creating each hash value. And really, best practices > say not to use md5 for passwords at all. It's too weak, almost to the point > where you may just as well store your passwords in plain text. A better > option is bcrypt, which is now supported by koha. Indeed. I want to reinforce this and recommend that folks setting up new Koha databases use 3.14 in order to take advantage of much better user password encryption. Regards, Galen -- Galen Charlton Manager of Implementation Equinox Software, Inc. / The Open Source Experts email: [email protected] direct: +1 770-709-5581 cell: +1 404-984-4366 skype: gmcharlt web: http://www.esilibrary.com/ Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org _______________________________________________ Koha mailing list http://koha-community.org [email protected] http://lists.katipo.co.nz/mailman/listinfo/koha
