[wp-hackers] Client side password encryption
wordpress at dd32.id.au
Sun Mar 16 09:36:57 GMT 2008
On Sun, 16 Mar 2008 20:27:12 +1100, Viper007Bond <viper at viper007bond.com> wrote:
> So I've been playing around with
> Is it even possible? I can't think of a way to take the MD5 of the password
> and use it to check the password due to the salting. I can't MD5 the
> original password and compare it to the submitted hash as the original
> obviously isn't stored anywhere.
> What about the upgrade method though? Does 2.5 migrate the old MD5 hashes to
> the new method or does it just leave them alone and only screw with the
When the user logs in, if the password hash is <= 32 char, then it creates a new hash for the user with a salt added in.
You of course, could store another password in the database which is not salted, so that it allows you to login via passing a hashed password along, but its not of much use IMO
More information about the wp-hackers