Welcome to the nuBuilder forums!

Please register and login to view forums and other content only available to registered users.

[Changed] Time to say goodbye to MD5

Information about updates, news, Code Library
Post Reply
admin
Site Admin
Posts: 2781
Joined: Mon Jun 15, 2009 2:23 am
nuBuilder Version: 4.5
Been thanked: 1 time

[Changed] Time to say goodbye to MD5

Unread post by admin »

Previously nuBuilder had used MD5 to hash passwords. Since MD5 is a hash function that is weak and no longer considered cryptographically secure, nuBuilder's default way to store passwords is now by using PHP's password_hash() function that generates a secure hash of your password.

How are the password hashes converted to the new standard?

When a user logs in and nuBuilder discovers that the password is still in the database as an MD5 hash, nuBuilder will replace the MD5 password hash in the database with a new hash that is generated with password_hash()

To check which passwords in the database have already been converted, you can run this query:

Code: Select all

SELECT * FROM `zzzzsys_user` WHERE `sus_login_password` LIKE '%$2y$';
(or use the NOT LIKE to get a list of MD5 hashed passwords)
Top
Post Reply

Return to “News & Announcements”