[TYPO3-english] Passwords in sha-512

Jigal van Hemert jigal.van.hemert at typo3.org
Sat Mar 30 13:28:38 CET 2013


On 29-3-2013 23:32, Jan Bednarik wrote:
> I need to import database of users and their passwords are hashed using
> sha-512. I was wondering whether it's possible to configure
> rsaauth/saltedpasswords extension to use this alghoritm. Or any other
> extension for such use?

You can extend the saltedpasswords extension with your own saltMethod. 
There is one feature you can use to help these users get properly salted 
hashes for their passwords. Passwords prefixed with C$ or M$ are salted 
hashes of the old clear text password with lower hash looping count from 
t3sec_saltedpw (C) or MD5-hashes (M).
These passwords are validated with the old method and updated to a new 
salted password during login of the user.

You can use this method with your own saltMethod. Validate the password 
which needs to be updated with your old sha-512 method and update it to 
a salted password with the method you prefer. You can copy one of the 
saltMethods from the saltedpasswords sysext as inspiration.

Jigal van Hemert
TYPO3 CMS Core Team member

TYPO3 .... inspiring people to share!
Get involved: typo3.org

More information about the TYPO3-english mailing list