Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Wikipedia>
  3. Mediawiki
upgrading default password hashing algorithm
msuzhangke8 at gmail
Nov 29, 2019, 8:57 PM
Post #1 of 2 (479 views)
Permalink
I noticed that MediaWiki 1.33 includes a stronger hash algorithm (argon2)
yet the default password algorithm in use is still pbkdf. The manual page
is not updated for this.
Does anyone know how to safely convert?
Is it advisable to attempt changing to this new hash algorithm?

Thanks,

Kevin
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Re: upgrading default password hashing algorithm [ In reply to ]
bawolff at gmail
Nov 29, 2019, 10:08 PM
Post #2 of 2 (479 views)
Permalink
If you change the hash, it will convert peoples hashes next time they log
in.

Some hash types can be converted by maintenance scripts, but that tends to
only be the weaker hash wrapped in strong hash types

--
Brian

On Friday, November 29, 2019, Kevin Zhang <msuzhangke8@gmail.com> wrote:

> I noticed that MediaWiki 1.33 includes a stronger hash algorithm (argon2)
> yet the default password algorithm in use is still pbkdf. The manual page
> is not updated for this.
> Does anyone know how to safely convert?
> Is it advisable to attempt changing to this new hash algorithm?
>
> Thanks,
>
> Kevin
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal