[Mediawiki-l] salted hashed hashed passwords

Rick DeNatale rick.denatale at gmail.com
Wed Feb 8 18:09:23 UTC 2006

On 2/8/06, Paul Sanderson <sandersonforensics at gmail.com> wrote:
> Hi
> I am trying to create a program to automate the transfer of users from
> an existing forum into my wiki.
> As far as I can see I could get away with adding the following to the
> users table
> username
> e-mail address
> password (the list is password protected)
> I ma not a php programmer so I thought ity might be easier to do this
> in C++ and gave written the basic elements to do the above.
> The problem comes when adding the password. As far as I can see
> mediaWiki expects a salted hash of the hash of a password, the salt is
> the userID. i.e. if I create a user who has a random password (say
> 123abc) and a userID of say 357 then I would do the following
> Create a random password (123abc)
> Hash it
> prepend the user ID and a dash(-), so we would have, some thing like
> 357-abc343acde... etc.
> We then hash this string again, giving the final hash
> When I do this on a test case I do not get a matching hash - what am I
> doing wrong?

It's been a while since I've looked at the code, but I'm pretty sure
that you have too many hashes.  Try just prepending the user ID and
dash to the clear password and hash that.

Rick DeNatale

Visit the Project Mercury Wiki Site

More information about the MediaWiki-l mailing list