[wp-hackers] Client side password encryption

Viper007Bond viper at viper007bond.com
Mon Mar 17 01:31:46 GMT 2008


No no, I think the salt and all that stuff is a good idea. I don't want to
mess with it or the database.

I'm just trying to figure out a way to not send the password in plain text.
MD5'ing it + a separate salt worked well with 2.3.x, but it's proving to be
trouble in 2.5.

On Sun, Mar 16, 2008 at 11:04 AM, James Davis <james at freecharity.org.uk>
wrote:

>
> On 16 Mar 2008, at 09:27, Viper007Bond wrote:
>
> > Is it even possible? I can't think of a way to take the MD5 of the
> > password
> > and use it to check the password due to the salting. I can't MD5 the
> > original password and compare it to the submitted hash as the original
> > obviously isn't stored anywhere.
>
> I think (I'm away from home and unable to check precisely) that when
> I coded the new password functions things were left pluggable in the
> right places to allow you to use a different hashing algorithm. If
> you really wanted to use this plugin, you might be able to write
> another plugin that reinstates plain MD5 passwords. Please let me
> know if this isn't the case. :-)
>
> James
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>



-- 
Viper007Bond | http://www.viper007bond.com/ | http://www.finalgear.com/


More information about the wp-hackers mailing list