Passwords added Unhashed

9 years 6 months ago #160464 by JBDXLT123
Passwords added Unhashed was created by JBDXLT123
Hi Jc,
I read the instructions and I'm a little woried about following a posted procedure that I found after reading the forums.
My idea was to generate strong passwords and then supply them on import in a unhashed form (leaving the 'Use HASHED Passwords' box unchecked).

My question is, does joomla then hash them, or as you warn: You must use appropriately HASHED passwords or you will corrupt your site and compromise security.. ?

Please Log in to join the conversation.

9 years 6 months ago #160466 by jciconsult
Replied by jciconsult on topic Re: Passwords added Unhashed
The normal approach is that you supply nicely strong passwords (CBJUICE generates strong ones as well) and Joomla HASHES them. However, some times, it is necessary to move users from one site to another with the same password. Then, the passwords that are dumped with cbjuice from the first site are already hashed and you don't want to hash them a second time. This distinction is required because joomla stores passwords HASHED and SALTED using a one-way algorithm. It is never possible to get extract the original user password from the Joomla database.

In other words, if this is a fresh start, just supply strong passwords or let CBJUICED do it for you.

Please Log in to join the conversation.

Moderators: beatnantjciconsultwolvertonkrileon
Time to create page: 0.400 seconds

Facebook Twitter LinkedIn