Support » Alpha/Beta/RC » login on 2.5.RC1 causes other WP installs (2.3.3) to not accept password

Viewing 5 replies - 1 through 5 (of 5 total)
  • Just as addition to this…

    I noticed that the problem occurs because when I log into 2.5.rc1 it actually CHANGES the password in the database!!!

    Why is 2.5.rc1 changing the passwords in the user database??? Is it a different encodning than md5? It has no problem recognizing the original md5 password, but still changes it???

    Moderator John James Jacoby

    (@johnjamesjacoby)

    From what I understand, it has something to do with the added ‘salt’ protection. I’m left to suspect that if there is no salt, it will use the existing password, but once RC1 touches it, the salt changes the hash and a new md5 is made?

    This is just a 100% guess, so don’t quote me here…

    faboomama

    (@faboomama)

    Oh, is that what’s happening? I noticed that too, but I was using a WP.com hosted blog before last week. When I finally got my WP 2.5 installed, I noticed that I was locked out of my WP.com site until I used my new password. The only problem is that now I’m also not recognized on OpenID via WP.

    Apparently this is supposed to happen… they have changed the security for passwords, so it changes/upgrades the passwords to a new one.

    BUT… somebody has already written a plugin that works around this problem (well I guess it’s not a problem for everybody):

    Read about it here:
    http://boren.nu/archives/2008/03/27/md5-password-hashes-for-25/

    Here is the download link from the WordPress site:
    http://wordpress.org/extend/plugins/md5-password-hashes/

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘login on 2.5.RC1 causes other WP installs (2.3.3) to not accept password’ is closed to new replies.