2.3 to 2.5 password hashing?

  • I am very excited about the new password security in wordpress 2.5. I am already running a test blog with 2.5RC1, and I noticed that the password hashes are much more custom. Not to mention, there is a place in wp-config for a custom salt! That’s pretty cool!

    But here’s my problem. What will happen to my existing users’ passwords if I customize that salt? And how will it verify the old users passwords once I update?

    Just wondering…

Viewing 1 replies (of 1 total)

  • Well, for you to test it yourself, your best bet would be to add a user, set the password, change the salt, and give it a shot…

    The only way that I could see that it *should* work would be to save the salt at the time in the users table along with the password and other information. A quick look into the database should show us if it’s there or not, but unfortunately I can’t check mine from work…

    I can check back later this evening and let you know though!

Viewing 1 replies (of 1 total)
  • The topic ‘2.3 to 2.5 password hashing?’ is closed to new replies.