General Support / Re: user password verification in php
« on: May 02, 2021, 04:25:14 PM »
Looks like I found the solution myself. If someone else comes across this problem, here it is:
Found the algorithm used for password encryption in:
core/lib/customer.php
in the form of SQL:
password = SHA1(CONCAT(salt,
SHA1(CONCAT(salt, SHA1('".$this->db->escape($password)."')))))
And translated that to PHP:
$passwordhash = sha1($salt.sha1($salt.sha1($password)));
Looks like it works!
Not sure if the double salt and triple sha1 hashing makes it more secure. Came across some "sha1 or md5 is not recommended for password hashing" statements during my research.
Does someone here have an educated opinion about this?
Thanks
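One way a login check could verify the legacy hash described in the post and move the record to PHP's built-in password_hash() on the next successful login. This is an added example, not code from the original post or from the project; the function names, the record keys and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Legacy scheme quoted in the post: sha1(salt . sha1(salt . sha1(password))).
function legacy_hash(string $password, string $salt): string
{
    return sha1($salt . sha1($salt . sha1($password)));
}

// Verify a login; returns [bool $ok, ?string $newHashToStore].
// The record keys 'password' and 'salt' are assumed names.
function verify_and_upgrade(string $password, array $record): array
{
    $stored = $record['password'];

    // Already-migrated records hold a password_hash() string (e.g. "$2y$...").
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($password, PASSWORD_DEFAULT) : null;
        return [true, $new];
    }

    // Legacy record: hash_equals() compares in constant time.
    if (!hash_equals($stored, legacy_hash($password, $record['salt']))) {
        return [false, null];
    }
    // The plaintext is known to be correct here, so re-hash it with a slow KDF.
    return [true, password_hash($password, PASSWORD_DEFAULT)];
}

// Constructed sample record, not real data.
$salt   = 'a1b2c3d4';
$record = ['salt' => $salt, 'password' => legacy_hash('correct horse', $salt)];

[$ok, $upgraded] = verify_and_upgrade('correct horse', $record);
var_dump($ok);
var_dump(password_verify('correct horse', $upgraded));
[$bad] = verify_and_upgrade('wrong guess', $record);
var_dump($bad);
```

When a new hash is returned, store it in place of the old value; the column needs to be wider than the 40 hex characters of a SHA-1 digest, and the PHP manual recommends 255 characters for password_hash() output.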