I support that. If someone needs plain md5, they can use the hooks to generate and compare the hashes.
On Wed, May 29, 2013 at 1:38 PM, Daniel Friesen <[email protected]> wrote: > It would be nice to kill off $wgPasswordSalt if we could (the ability to set > it to false that is). > > This setting controls whether we use a salted password algorithm or an > unsalted one. Basically making something somewhat secure almost completely > insecure. > > This setting appears to exist to make it possible for auth plugins on other > pieces of 3rd party software to login using MediaWiki accounts by directly > accessing MediaWiki's database but not bothering to understand any of > MediaWiki's password algorithms. > > A fairly dubious rationale to exist IMHO. > > The current documentation on the setting is also complete and totally false. > It says "For compatibility with old installations set to false.", but at > this point this has absolutely nothing to do with compatibility. > > Frankly even if we do have any sort of remaining incompatibility I'd bet it > would be fairly trivial to actually solve (eg: For ancient password hashes > just try both ancient algorithms instead of just one). > > -- > ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/] > > > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
