• I updated a database full of plaintext passwords following the excellent pointer received from amijanina, to use this class:

    $encrypted_pass = SwpmUtils::encrypt_password($plain_password);

    and have discovered something bizarre.

    For irrelevant reasons I reset all the plaintext passwords in the database to the user’s first name in order to base their new (temporary) passwords on the user first name, then hashed them all using the method above. Where users had the same first name I made sure their first name was Mary1, Mary2, Mary3 etc.

    Weirdly, all the logins work for people with unique names like Hortense or Jeroboam, but most of the time (not always) the passwords that are Mary1 or John5 or Peter7 return an error message.

    What is the encryption doing here? I can get around it if I have to, but the reason why intrigues me!

    Thanks
    SP

Viewing 1 replies (of 1 total)
  • Thread Starter swisspenelope

    (@swisspenelope)

    Okay – I still don’t know what happened, but since then I reset all the usernames to email addresses, AND the encrypted passwords, still using

    $encrypted_pass = SwpmUtils::encrypt_password($plain_password);

    as instructed, and this time it worked fine. Maybe the script crashed halfway through and I didn’t notice it …

  • The topic ‘swpm password hashing oddity’ is closed to new replies.