Support » Everything else WordPress » WordPress 4.7.3 password encryption ?

  • Resolved boblebad

    (@boblebad)



    Hi

    I’m sure it must be here somewhere, but i couldn’t find it via search.

    What’s the encryption that’s used on the passwords of the users ?

    I can see it’s not just a simple MD5, it’s more than that.

    I need to copy users from Oxwall’s database to WordPress’ database. They need to be logged in in WordPress when they login in Oxwall. I need it for my support part which i use WordPress for.

    So i need to know how to recrypt the passwords from Oxwall to fit the WordPress model be course they are not the same.

    All the best
    Carsten

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    WordPress uses the phpass library for passhword hashing. They’re not “encrypted”, as such, because of course they cannot be decrypted. The hashing is one-way.

    You can find more info about the phpass library here: http://www.openwall.com/phpass/

    Moderator Steve Stern

    (@sterndata)

    Support Volunteer

    Use the function wp_hash_password to encrypt plaintext passwords:

    https://codex.wordpress.org/Function_Reference/wp_hash_password

    Thank you for your answers ๐Ÿ™‚

    In between i found out how Oxwall does the encryption. It’s a salt and sha256. So that’s a bit of a problem.

    The only really solution is to upgrade/change the encryption on both systems to match each other. In regards to that, the only i see at the moment is bcrypt.

    Which salt in the wp-config is used for the login password, there’s four of them ?

    And how is the salt added ?

    I tried adding it both in front and after my password, when generating the code. But the result is not the same.

    And last, where can i find an encrypter that can do the WordPress thing ?

    As i understand it, it takes the password, adds salt and runs it 8 times through the encrypter, but those i have found doesn’t give the same result as in my database.

    [Moderator note: Please, no bumping.]

    • This reply was modified 1 year, 5 months ago by  Steve Stern.
    • This reply was modified 1 year, 5 months ago by  Steve Stern.
    Moderator Sergey Biryukov

    (@sergeybiryukov)

    WordPress Dev

    I need to copy users from Oxwallโ€™s database to WordPressโ€™ database. They need to be logged in in WordPress when they login in Oxwall.

    I’d suggest looking into wp_set_auth_cookie() to set the authentication cookies for a WordPress user when they log in to Oxwall, without requiring a separate password. Would that work for you?

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    None of the salts in wp-config are used for the passwords. The phpass library generates its own salt for each password. The salt is part of the password hash.

    The only way to do this is to use the library directly, really. It’s a complex thing.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Alternatively, the WordPress login system is pluggable. If you can write code to recognize the existing cookies from your other system, then you can login users without caring about their password. That’s probably the best way.

    Thank you for your answers Sergey and Samuel ๐Ÿ™‚

    I would say that the easiest way(if it’s safe and good) works for me ๐Ÿ™‚

    And if i can do it with a cookie, then it’s easier. Though the user would then need to create a login or i would.

    Hmm, and it’s probably easier at the moment than changing to bcrypt. It’s easy to do the switch here with WordPress, be course there’s a plugin for it. The problem is Oxwall. It seams that there’s something, but not sure for now whether it works or not.

    What would be the ideal way, was when a user created a profile in Oxwall, simultaneously a user would be created in WordPress by copying the data from one table to another in the database, then it would be a more whole experience for the users and also they wouldn’t need to create two logins.

    But i’ll go have a look at the cookie-way and set that up for now ๐Ÿ™‚

    And thank you for clearing up how the salt’s are used ๐Ÿ™‚

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘WordPress 4.7.3 password encryption ?’ is closed to new replies.