[MediaWiki-l] upgrading default password hashing algorithm

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[MediaWiki-l] upgrading default password hashing algorithm

kevin zhang
I noticed that MediaWiki 1.33 includes a stronger hash algorithm (argon2)
yet the default password algorithm in use is still pbkdf. The manual page
is not updated for this.
Does anyone know how to safely convert?
Is it advisable to attempt changing to this new hash algorithm?

Thanks,

Kevin
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: [MediaWiki-l] upgrading default password hashing algorithm

Brian Wolff
If you change the hash, it will convert peoples hashes next time they log
in.

Some hash types can be converted by maintenance scripts, but that tends to
only be the weaker hash wrapped in strong hash types

--
Brian

On Friday, November 29, 2019, Kevin Zhang <[hidden email]> wrote:

> I noticed that MediaWiki 1.33 includes a stronger hash algorithm (argon2)
> yet the default password algorithm in use is still pbkdf. The manual page
> is not updated for this.
> Does anyone know how to safely convert?
> Is it advisable to attempt changing to this new hash algorithm?
>
> Thanks,
>
> Kevin
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l