[kwlug-disc] Dumb MySQL question
Charles M
chaslinux at gmail.com
Fri Apr 3 16:19:57 EDT 2020
In this case it wasn't Drupal, but it seemed to accept the plain md5
hash long enough for me to log in and change the password. The new
password is a lot longer and seems to have a lot more variety in the
character set, so I suspect as you mention it's salted.
On Fri, Apr 3, 2020 at 4:02 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
>
> Using an md5 hash is not enough. But it probably worked because older
> versions of Drupal used plain md5 hashes.
>
> The current hashing scheme is salted, and that is what is now stored after
> you changed the password from the web site itself.
>
> Using the password script I detailed before avoids having to do it in 2 steps.
>
> On Fri, Apr 3, 2020 at 3:59 PM Charles M <chaslinux at gmail.com> wrote:
>>
>> I managed to muddle through changing the password. Here's what I did:
>>
>> I used https://www.md5hashgenerator.com/ to generate an md5 sum of a
>> new password, let's say for example: ThisPassword
>>
>> It spat out: 82aa4d3a83cae98a08a1c5859d777bbb
>>
>> I then ran
>>
>> update users set userpass="82aa4d3a83cae98a08a1c5859d777bbb" where
>> username="myusername";
>>
>> I was able to log into the application using myusername and
>> ThisPassword, then go into the application and change it again. It
>> hashed with a completely different hash when I checked the table in
>> MySQL. Thanks for all the responses.
>>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
--
Charles McColm
Fasteroids: http://chaslinux.itch.io/fasteroids
Twitter/Identica/Google+: @chaslinux
More information about the kwlug-disc
mailing list