A quarter of major CMSs use outdated MD5 as the default password hashing scheme

Relax and enjoy The Lounge. For all Non-Joomla! topics or ones that don't fit anywhere else. Normal forum rules apply.
Post Reply
sriz786
Joomla! Apprentice
Joomla! Apprentice
Posts: 25
Joined: Sun Feb 18, 2007 5:40 am

A quarter of major CMSs use outdated MD5 as the default password hashing scheme

Post by sriz786 » Tue Jun 18, 2019 2:38 pm

Greetings,
A quarter of major CMSs use outdated MD5 as the default password hashing scheme

https://www.zdnet.com/article/a-quarter ... ng-scheme/

Would like to start the discussion if Joomla is enabling latest encryption capability in PHP 7.x to protect user passwords with Salt.

Sincerely,
Last edited by toivo on Tue Jun 18, 2019 2:51 pm, edited 1 time in total.
Reason: mod note: moved from 3.x Security

Shanee
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Wed Jun 12, 2019 3:56 pm

Re: A quarter of major CMSs use outdated MD5 as the default password hashing scheme

Post by Shanee » Tue Jun 18, 2019 3:50 pm

Hi. If you're using a new(ish) version of Joomla, then it should be using PhPass to hash its passwords. This isn't MD5, and is well trusted. It should select a secure hashing algorithm depending on the version of PHP and extensions installed. I think it will use bcrypt to hash your password provided you have a modern setup, which I think is one of the most trusted algorithms right now. In short, I don't think you need to worry about the hashing algorithm used by Joomla.


Post Reply

Return to “The Lounge”