[TYPO3-english] migration from old fe_users with md5 passwords to rsaauth and saltedpasswords

Bernhard Kraft kraftb at think-open.at
Sat Mar 6 22:56:50 CET 2010


Ansgar B. wrote:

> In concrete situation I have old passwords stored as md5 hashes in DB 
> and want to migrate to rsaauth and salted passwords.
> 
> Are there any hook where I can
> 1. fetch the password
> 2. build a md5 hash
> 3. check it againt old password
> 4. build new password
> 5. write it to the database

The "saltedpasswords" extension should normally do exactly what you 
described. You do not even have to move a finger.

You can't automate the process of migration to saltedpasswords, as you 
do not know the cleartext passwords just by knowing the md5 hashes of 
the passwords.

The saltedpasswords extension will compare submitted passwords during 
login sessions, and fallback to md5 if the stored password is not a 
salted one. When the password is correct it will automagically update 
the password in the database with a salted version created from the 
cleartext password submitted (probably transmitted rsa encrypted).


greets,
Bernhard


More information about the TYPO3-english mailing list