[kwlug-disc] Dumb MySQL question
Khalid Baheyeldin
kb at 2bits.com
Fri Apr 3 16:02:13 EDT 2020
Using an md5 hash is not enough. But it probably worked because older
versions of Drupal used plain md5 hashes.
The current hashing scheme is salted
<https://en.wikipedia.org/wiki/Salt_(cryptography)>, and that is what is
now stored after
you changed the password from the web site itself.
Using the password script I detailed before avoids having to do it in 2
steps.
On Fri, Apr 3, 2020 at 3:59 PM Charles M <chaslinux at gmail.com> wrote:
> I managed to muddle through changing the password. Here's what I did:
>
> I used https://www.md5hashgenerator.com/ to generate an md5 sum of a
> new password, let's say for example: ThisPassword
>
> It spat out: 82aa4d3a83cae98a08a1c5859d777bbb
>
> I then ran
>
> update users set userpass="82aa4d3a83cae98a08a1c5859d777bbb" where
> username="myusername";
>
> I was able to log into the application using myusername and
> ThisPassword, then go into the application and change it again. It
> hashed with a completely different hash when I checked the table in
> MySQL. Thanks for all the responses.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20200403/58f69c9d/attachment.htm>
More information about the kwlug-disc
mailing list