Joomla 3.2.1 password encryption

北海茫月 2020-11-27 18:35

When the user registers on the site, and I look in the database joomla_users in the password table, there are passwords stored in the following formats:

  • $P$D

3 answers
  •  刺人心 (original poster)
    2020-11-27 19:15

    Joomla's default user class no longer uses salted MD5 to hash the password. The bind function of the JUser class now calls JUserHelper::hashPassword($array['password']) to encrypt the password.

    That function is currently this:

        public static function hashPassword($password)
        {
            // Use PHPass's portable hashes with a cost of 10.
            $phpass = new PasswordHash(10, true);

            return $phpass->HashPassword($password);
        }

    And that means that it now relies on PHPass which you can read more about here: http://www.openwall.com/phpass/. Based on reading just the intro of this site, I'm guessing that the encryption is now bcrypt instead of MD5, but Joomla may have overridden the default encryption.
