[support] How does Drupal generate the stored password
Carl Wiedemann
carl.wiedemann at gmail.com
Wed Mar 16 05:00:12 UTC 2011
Drupal 7 has a different function. See scripts/password-hash.sh
On Tue, Mar 15, 2011 at 10:44 PM, prothero <prothero at geol.ucsb.edu> wrote:
> Tnx. But, when I use md5("myPassword"), I don't get the same result that is
> shown in Drupal's users table (the 'pass' field) for that user. There must
> be something else.
> Bill
>
> William A. Prothero
>
> http://earthednet.org/
>
>
>
> On Mar 15, 2011, at 8:46 PM, Vaibhav Jain wrote:
>
> Hello,
>
> The password in Drupal is generated via MD5 function which is a default in
> PHP.
> Apart from the password, there is nothing that gets added to the password.
> You can check function user_save in user module, which directly sends the
> value in md5 format, that will provide you some more clarity.
>
> I think you are talking of a SALT value that gets added, but this is not
> the case in drupal 6, as it is using MD5
> However, in Drupal 7, SALT is used and MD5 is not followed to save the
> passwords.
>
> On Wed, Mar 16, 2011 at 5:09 AM, prothero <prothero at geol.ucsb.edu> wrote:
>
>> I am going to manipulate the Drupal users table externally. I know that
>> the password in Drupal 6 is generated as an md5 hash, but I'm wondering what
>> the input to the md5 function is. Obviously, it includes the password, but
>> what else?
>> Tnx,
>> Bill
>>
>>
>> William A. Prothero
>> http://earthednet.org/
>>
>>
>>
>>
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]
>>
>
>
>
> --
> Regards,
> Vaibhav Jain
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
>
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20110315/308d4556/attachment.html
More information about the support
mailing list