Secure Password Hashes (phpass)

douggreen - December 14, 2007 - 14:46

Stores password hashes securely. The default password hashes are insecure. MD5 has long been known to be crackable, and IMHO we should not be storing passwords using this. So this module stores the hashes in a secondary table using phpass, and removes the insecure MD5 hashes from the user table.

There has been a long discussion about this. See http://drupal.org/node/29706.

So, this is a proof-of-concept module that implements secure password hashes using the phpass password hashing method. Hopefully, we can get something like this into Drupal 7.

To install, you must download phpass from http://www.openwall.com/phpass/ and put PasswordHash.php in the same directory as the module.

WARNING: after this module is installed and any user passwords have been converted, you will not be able to uninstall unless you first disable secure hashes (on admin/users/settings) and all of these users then log in again.
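The conversion described above, as an added sketch that is not the module's own code: a legacy MD5 hash is checked once, replaced by a phpass hash in a secondary store, and then blanked. The in-memory arrays standing in for the two tables, the function name example_login, and converting at login time are assumptions; only PasswordHash, HashPassword and CheckPassword come from phpass.

```php
<?php
// Added illustration; table layouts and function names are hypothetical.
require __DIR__ . '/PasswordHash.php';  // phpass, placed beside this file

// Constructed sample data: the user table with a legacy MD5 column,
// and an empty secondary table (uid => phpass hash).
$users  = array(1 => array('name' => 'alice', 'pass' => md5('correct horse')));
$secure = array();

function example_login(array &$users, array &$secure, $uid, $password) {
  // 2^8 stretching iterations; FALSE lets phpass use bcrypt when available.
  $hasher = new PasswordHash(8, FALSE);

  if (isset($secure[$uid])) {
    // Already converted: only the phpass hash is consulted.
    return $hasher->CheckPassword($password, $secure[$uid]);
  }
  if (!isset($users[$uid]) || $users[$uid]['pass'] === '') {
    return FALSE;  // unknown user, or no usable hash left
  }
  // Not yet converted: verify against the legacy MD5 hash one last time.
  if (!hash_equals($users[$uid]['pass'], md5($password))) {
    return FALSE;
  }
  $hash = $hasher->HashPassword($password);
  if (strlen($hash) < 20) {
    // phpass signals failure with a short string; keep the MD5 row so the
    // account is not locked out, and retry conversion at the next login.
    return TRUE;
  }
  $secure[$uid] = $hash;       // store in the secondary table
  $users[$uid]['pass'] = '';   // remove the MD5 hash from the user table
  return TRUE;
}

var_dump(example_login($users, $secure, 1, 'correct horse'));  // converts
var_dump($users[1]['pass'] === '');                            // MD5 gone
var_dump(example_login($users, $secure, 1, 'correct horse'));  // phpass path
var_dump(example_login($users, $secure, 1, 'wrong guess'));    // rejected
```

Because the MD5 value is blanked after conversion, nothing remains to fall back on, which is why the warning above requires disabling secure hashes and having users log in again before uninstalling.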

This module is partially supported by CivicActions.

Releases

| Official releases | Date | Size | Status |
| --- | --- | --- | --- |
| 5.x-1.1 | 2007-Dec-24 | 9.42 KB | Recommended for 5.x. This is currently the recommended release for 5.x. |

| Development snapshots | Date | Size | Status |
| --- | --- | --- | --- |
| 6.x-1.x-dev | 2007-Dec-24 | 9.4 KB | Development snapshot. Development snapshots are automatically regenerated and their contents can frequently change, so they are not recommended for production use. |
| 5.x-1.x-dev | 2008-Feb-14 | 9.43 KB | Development snapshot. Development snapshots are automatically regenerated and their contents can frequently change, so they are not recommended for production use. |
