IndieIndeed Posted September 16, 2015 Posted September 16, 2015 Is this still true? $hash = md5( md5( $salt ) . md5( $password ) ); Source
TSP Posted September 16, 2015 Posted September 16, 2015 No. /** * Encrypt a plaintext password * * @param string $password Password to encrypt * @return string Encrypted password * @todo [Future] When we increase minimum PHP version, adjust blowfish to $2y$ */ public function encryptedPassword( $password ) { /* New password style introduced in IPS4 using Blowfish */ if ( mb_strlen( $this->members_pass_salt ) === 22 ) { return crypt( $password, '$2a$13$' . $this->members_pass_salt ); } /* Old encryption style using md5 */ else { return md5( md5( $this->members_pass_salt ) . md5( \IPS\Request::legacyEscape( $password ) ) ); } }
Recommended Posts
Archived
This topic is now archived and is closed to further replies.