It would be nice to kill off $wgPasswordSalt if we could (the ability to set it to false that is).
This setting controls whether we use a salted password algorithm or an unsalted one. Basically making something somewhat secure almost completely insecure.
This setting appears to exist to make it possible for auth plugins on other pieces of 3rd party software to login using MediaWiki accounts by directly accessing MediaWiki's database but not bothering to understand any of MediaWiki's password algorithms.
A fairly dubious rationale to exist IMHO.
The current documentation on the setting is also completely and totally false. It says "For compatibility with old installations set to false.", but at this point this has absolutely nothing to do with compatibility.
Frankly even if we do have any sort of remaining incompatibility I'd bet it would be fairly trivial to actually solve (e.g. for ancient password hashes just try both ancient algorithms instead of just one).
Sounds fine by me.
I support that. If someone needs plain md5, they can use the hooks to generate and compare the hashes.
On Wed, May 29, 2013 at 1:38 PM, Daniel Friesen daniel@nadir-seen-fire.com wrote:
It would be nice to kill off $wgPasswordSalt if we could (the ability to set it to false that is).
This setting controls whether we use a salted password algorithm or an unsalted one. Basically making something somewhat secure almost completely insecure.
This setting appears to exist to make it possible for auth plugins on other pieces of 3rd party software to login using MediaWiki accounts by directly accessing MediaWiki's database but not bothering to understand any of MediaWiki's password algorithms.
A fairly dubious rationale to exist IMHO.
The current documentation on the setting is also completely and totally false. It says "For compatibility with old installations set to false.", but at this point this has absolutely nothing to do with compatibility.
Frankly even if we do have any sort of remaining incompatibility I'd bet it would be fairly trivial to actually solve (e.g. for ancient password hashes just try both ancient algorithms instead of just one).
-- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On 29/05/13 22:38, Daniel Friesen wrote:
It would be nice to kill off $wgPasswordSalt if we could (the ability to set it to false that is).
<snip>
This setting appears to exist to make it possible for auth plugins on other pieces of 3rd party software to login using MediaWiki accounts by directly accessing MediaWiki's database but not bothering to understand any of MediaWiki's password algorithms.
If along the change you can write a quick tutorial on the MediaWiki.org doc, that will be perfect :D
On 30/05/13 06:38, Daniel Friesen wrote:
The current documentation on the setting is also completely and totally false. It says "For compatibility with old installations set to false.", but at this point this has absolutely nothing to do with compatibility.
I'm pretty sure it is still true, with the code as it stands. There's a difference between "completely and totally false" and "should probably be false in the future".
Frankly even if we do have any sort of remaining incompatibility I'd bet it would be fairly trivial to actually solve (e.g. for ancient password hashes just try both ancient algorithms instead of just one).
Feel free to change User::comparePasswords() to do that, and then deprecate $wgPasswordSalt. If there are authentication plugins that depend on it, it would be polite to allow for a deprecation period rather than just removing it.
-- Tim Starling