On 30/05/13 06:38, Daniel Friesen wrote:
> The current documentation on the setting is also completely and totally false. It says "For compatibility with old installations set to false.", but at this point this has absolutely nothing to do with compatibility.
I'm pretty sure it is still true, with the code as it stands. There's a difference between "completely and totally false" and "should probably be false in the future".
> Frankly even if we do have any sort of remaining incompatibility I'd bet it would be fairly trivial to actually solve (eg: For ancient password hashes just try both ancient algorithms instead of just one).
Feel free to change User::comparePasswords() to do that, and then deprecate $wgPasswordSalt. If there are authentication plugins that depend on it, it would be polite to allow for a deprecation period rather than just removing it.
-- Tim Starling
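
The "try both ancient algorithms" idea from the thread, as an added sketch that is not MediaWiki code and not from either poster. It assumes the two old-style untagged formats are `md5( $password )` (with `$wgPasswordSalt` false) and `md5( $userId . '-' . md5( $password ) )` (with it true); the function names and sample data are hypothetical.

```php
<?php
// Added illustration, not MediaWiki's User::comparePasswords().
// Function names are hypothetical; sample rows are constructed.

/** Return both old-style (untagged) encodings of a password for one user. */
function legacyCandidates( $password, $userId ) {
	$inner = md5( $password );
	return array(
		$inner,                         // format written with $wgPasswordSalt = false
		md5( $userId . '-' . $inner ),  // format written with $wgPasswordSalt = true
	);
}

/**
 * Check a password against an old-style hash without consulting
 * $wgPasswordSalt: the stored value is accepted if it matches either format.
 */
function compareLegacyPassword( $storedHash, $password, $userId ) {
	// Old-style rows are a bare 32-digit hex MD5. Anything else, including
	// tagged hashes such as ':A:' or ':B:', is left to the normal code path.
	if ( !preg_match( '/^[0-9a-f]{32}$/', $storedHash ) ) {
		return false;
	}
	$match = false;
	foreach ( legacyCandidates( $password, $userId ) as $candidate ) {
		// hash_equals() compares in constant time. Both candidates are always
		// evaluated so timing does not reveal which format a row uses.
		$match = hash_equals( $storedHash, $candidate ) || $match;
	}
	return $match;
}

// Constructed sample rows: one written by each historical setting.
$password = 'correct horse';
$userId = 42;
$unsaltedRow = md5( $password );
$saltedRow = md5( $userId . '-' . md5( $password ) );

var_dump( compareLegacyPassword( $unsaltedRow, $password, $userId ) );
var_dump( compareLegacyPassword( $saltedRow, $password, $userId ) );
var_dump( compareLegacyPassword( $saltedRow, 'wrong guess', $userId ) );
var_dump( compareLegacyPassword( $saltedRow, $password, 43 ) );
```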