Password hash



Moodle hashing algorithm

New feature
in Moodle 4.4!
As of version 4.3, Moodle uses SHA2-512 to hash user passwords. See MDL-67390.

SHA-512 is a modern hashing algorithm that is recognised by various government agencies and standards:

"The only approved hashing algorithm is Secure Hashing Algorithm 2 (SHA-2)." - https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography

"NIST recommends that federal agencies transition away from SHA-1 for all applications as soon as possible. Federal agencies should use SHA-2 or SHA-3 as an alternative to SHA-1." - https://csrc.nist.gov/Projects/Hash-Functions/NIST-Policy-on-Hash-Functions

Legacy hashing

Up until Moodle 2.3, the MD5 hashing algorithm was used to hash passwords. Between versions 2.3 and 4.2, Moodle used the BCRYPT hashing algorithm.

Between versions 2.3 and 4.2, users who had an MD5-hashed password were upgraded to the BCRYPT algorithm on login. As of version 4.3, any remaining MD5 passwords in the Moodle instance's database (meaning that the user had not logged in since the release of Moodle 2.3) are replaced with a random SHA512 string. Any users that this applies to will need to reset their password to be able to log in.

From Moodle 4.3, users whose password hash was generated with the (now legacy) BCRYPT algorithm will have their hash upgraded to SHA512 when they next log in.
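
The upgrade rules above, sketched in PHP 8 as an added example; this is not Moodle's own code. The function names, the `$6$` crypt(3) storage format, the rounds value, and modelling the "random SHA512 string" as the hash of a discarded random value are all assumptions.

```php
<?php
// Added illustration, not Moodle's implementation. All names are hypothetical.
const SHA512_ROUNDS = 10000; // assumed cost setting, not stated on the page

// Identify the scheme from the stored string's format.
function classify_hash(string $stored): string {
    if (str_starts_with($stored, '$6$')) return 'sha512';         // crypt(3) SHA-512
    if (preg_match('/^\$2[abxy]\$/', $stored)) return 'bcrypt';   // versions 2.3 to 4.2
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) return 'md5';   // before 2.3
    return 'unknown';
}

function hash_sha512(string $password): string {
    $salt = bin2hex(random_bytes(8)); // 16 characters from the crypt salt alphabet
    return crypt($password, '$6$rounds=' . SHA512_ROUNDS . '$' . $salt . '$');
}

// Upgrade step: a leftover MD5 hash is overwritten with the SHA-512 hash of a
// random value that is thrown away, so no password matches until a reset.
function retire_md5(string $stored): string {
    if (classify_hash($stored) !== 'md5') return $stored;
    return hash_sha512(bin2hex(random_bytes(32)));
}

// Login step: returns [authenticated, hash to store afterwards].
function login(string $password, string $stored): array {
    $scheme = classify_hash($stored);
    if ($scheme !== 'sha512' && $scheme !== 'bcrypt') return [false, $stored];
    // password_verify() checks any crypt(3)-format hash and is timing-safe.
    if (!password_verify($password, $stored)) return [false, $stored];
    // The plaintext is only available now, so this is where bcrypt is upgraded.
    if ($scheme === 'bcrypt') $stored = hash_sha512($password);
    return [true, $stored];
}

// Constructed sample accounts.
$bcryptUser = password_hash('correct horse', PASSWORD_BCRYPT);
$md5User    = retire_md5(md5('old secret'));

[$ok, $bcryptUser] = login('correct horse', $bcryptUser);
printf("bcrypt user: login=%s, now stored as %s\n", var_export($ok, true), classify_hash($bcryptUser));
[$ok, $bcryptUser] = login('correct horse', $bcryptUser);
printf("same user again: login=%s\n", var_export($ok, true));
[$ok] = login('old secret', $md5User);
printf("md5 user: login=%s, stored as %s\n", var_export($ok, true), classify_hash($md5User));
```

The bcrypt upgrade can only happen inside the login path because that is the one moment the server holds the plaintext; the MD5 replacement needs no plaintext and can run as a one-off database step.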