[Typo3] md5 password extensions
Kraft Bernhard
kraftb at gmx.net
Wed Oct 5 12:31:17 CEST 2005
Jay Austad wrote:
> The KB MD5 FE Passwords extension is the one that uses
> "superchallenged" mode. If I migrate users from another DB that have
> their password only hashed once, is this going to work with the KB
> module? This module appears to have the most functionality, but I need
> to authenticate against the old hashes in my other database. Has
> anyone tried this? The documentation for it does not mention if it
> does what I need.
Indeed "superchallenged" passowords are stored just normally "once" md5 hashed
in the DB. superchallenged means that a challenge-response mechanism is used for
verifying the password i.e: not the same hash is sent for login over the network
in two different login processes of the same user - but a different one by using
an unique hash(challenge) value for each login.
So if you migrate from an md5 hashed system you will be completly fine.
But please note that the TYPO3 md5.js javascript has problems with usernames and
passwords which contain non-ASCII characters (umlauts and such stuff) ... replace
the md5.js by the md5.js from:
http://pajhome.org.uk/crypt/md5/
(This one is not included in T3 because of the BSD license I guess :(
greets,
Bernhard
--
Kraft Bernhard
MOKKA Medienagentur <http://www.mokka.at>
T: +43 - 1 - 895 33 33 - 50
More information about the TYPO3-english
mailing list