Support » Developing with WordPress » cookies wordpresspass_* and wordpressuser_*

Viewing 2 replies - 1 through 2 (of 2 total)
  • People’ve used rainbow tables to try and crack hashes of things like popular forum system passwords and whatnot.

    How Hash Works:

    Hashing takes any amount of data (binary or text) and creates a constant-length hash representing a checksum for the data. For example, the hash might be 16 bytes. Different hashing algorithms produce different size hashes. You obviously cannot re-create the original data from the hash, but you can hash the data again to see if the same hash value is generated. One-way Unix-based passwords work this way. The password is stored as a hash value, and to log onto a system, the password you type is hashed, and the hash value is compared against the hash of the real password. If they match, then you must’ve typed the correct password.

    ‘Dunno if that helps..

    In this particular case and speaking about WordPress 2.2.3, the (bunchofcharacters) is the MD5 sum of the site url minus any trailing slash.

    Example: Let my site url be

    Omitting the trailing slash and having this site
    compute the md5 hash value will result in


    which is precisely the (bunchofcharacters) found in the cookie.

    I think the value suitable for reproduction is stored in the database table wp_options. Look for the value “siteurl” within the column option_name.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘cookies wordpresspass_* and wordpressuser_*’ is closed to new replies.