#1328 ✓resolved

Bug: after switching to enhanced password hashing, you can't return to md5 hashing

Reported by dleffler | December 27th, 2015 @ 03:31 AM | in 2.3.7 (closed)

Not that you'd want to, but once you've elevated the password hashing security from '0' to higher, you can't return to '0' (md5) successfully. You can always move from md5/0 to more secure seamlessly, but with the recent bug caused by the password hash field being too small if you've initially installed a version prior to 2.3.5 and upgrade to 2.3.5+.

Comments and changes to this ticket

  • dleffler

    dleffler December 27th, 2015 @ 12:39 PM

    Not sure this is a bad thing...once your password is converted to the new hash, it won't be converted again if the security level is reduced or increased. And it only affects new users or those changing their passwords.

  • dleffler

    dleffler December 31st, 2015 @ 09:02 PM

    • State changed from “new” to “resolved”

    This was fixed with a recent push which now actually updates existing table columns...previously update_tables() would only add or remove columns (and indexes), but NEVER update a column that already existed.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Bug Tracker for Exponent CMS

Shared Ticket Bins

People watching this ticket