[Mediawiki-l] salted hashed hashed passwords

Paul Sanderson sandersonforensics at gmail.com
Wed Feb 8 17:45:06 UTC 2006


I am trying to create a program to automate the transfer of users from
an existing forum into my wiki.

As far as I can see I could get away with adding the following to the
users table

e-mail address
password (the list is password protected)

I ma not a php programmer so I thought ity might be easier to do this
in C++ and gave written the basic elements to do the above.

The problem comes when adding the password. As far as I can see
mediaWiki expects a salted hash of the hash of a password, the salt is
the userID. i.e. if I create a user who has a random password (say
123abc) and a userID of say 357 then I would do the following

Create a random password (123abc)

Hash it

prepend the user ID and a dash(-), so we would have, some thing like

357-abc343acde... etc.

We then hash this string again, giving the final hash

When I do this on a test case I do not get a matching hash - what am I
doing wrong?

More information about the MediaWiki-l mailing list