Secure Password Hashes | WUI knowledgebase

Component ID

200941

Component name

Secure Password Hashes

Component type

module

Maintenance status

Minimally maintained

Development status

Maintenance fixes only

Component security advisory coverage

covered

Downloads

24932

Component created

Fri, 12/14/2007 - 12:00

Component changed

Fri, 08/11/2017 - 12:00

Component body

This module stores password hashes securely.

The default password hashes in Drupal 6 (and before) are rather insecure. MD5 is easy to crack, should an attacker find a database dump or gain access to your database. This module implements secure password hashes using the phpass password hashing method - multiple rounds of hashing and salting that make reversing the hash significantly more difficult to break by brute-force attack. This is the same approach that is used for Drupal 7.

The 1.x branches are unsupported.

The 2.x branches feature simplified code and only supports the portable password hashing mechanism backported from Drupal 7 core.

WARNING: after this module is installed and any user password's have been converted, you will not be able to uninstall

Component url

https://www.drupal.org/project/phpass

Categories