Download & Extend

Secure Password Hashes

Posted by douggreen on December 14, 2007 at 2:46pm

This module stores password hashes securely.

The default password hashes in Drupal 6 (and before) are rather insecure. MD5 is easy to crack, should an attacker find a database dump or gain access to your database. This module implements secure password hashes using the phpass password hashing method - multiple rounds of hashing and salting that make reversing the hash significantly more difficult to break by brute-force attack. This is the same approach that is used for Drupal 7.

The 1.x branches will soon be marked unsupported.

The 2.x branches feature simplified code and only supports the portable password hashing mechanism backported from Drupal 7 core.

WARNING: after this module is installed and any user password's have been converted, you will not be able to uninstall

This module is partially supported by

Downloads

Recommended releases

Version Downloads Date Links
6.x-2.0-rc1 tar.gz (13.64 KB) | zip (15.75 KB) 2011-Aug-01 Notes
5.x-2.0-rc2 tar.gz (13.49 KB) | zip (15.6 KB) 2011-Sep-15 Notes

Development releases

Version Downloads Date Links
6.x-2.x-dev tar.gz (13.64 KB) | zip (15.75 KB) 2011-Aug-02 Notes
5.x-2.x-dev tar.gz (13.49 KB) | zip (15.6 KB) 2011-Sep-16 Notes

Project Information


Maintainers for Secure Password Hashes

  • pwolanin - 33 commits
    last: 27 weeks ago, first: 32 weeks ago
  • Owen Barton - 1 commit
    last: 2 years ago, first: 2 years ago
  • douggreen - 17 commits
    last: 3 years ago, first: 4 years ago

Issues for Secure Password Hashes

To avoid duplicates, please search before submitting a new issue.
All issues
3 open, 36 total
Bug reports
2 open, 22 total
Subscribe via e-mail
Oldest open issue: 19 Jul 11