Note: You are currently viewing documentation for Moodle 2.5. Up-to-date documentation for the latest stable version of Moodle may be available here: Password salting.

Password salting

From MoodleDocs

What is password salting?

Password salting makes password hashing more secure by adding a random string of characters to each password before its hash is calculated. This makes the resulting hashes harder to reverse (the longer the random string, the harder it becomes).

How does Moodle use password salting?

Prior to Moodle 2.5, Moodle used a single site-wide salt when hashing every user's password. From Moodle 2.5 onward, Moodle automatically generates and adds a different salt for each individual user. This is more secure, and it means that a site-wide configuration variable for the salt is no longer required for new installations of 2.5 or greater.

Backwards compatibility

If you are upgrading a site from 2.4 or below and you are already using a site-wide salt in your configuration file, you need to keep using it to ensure your existing users can still log in.

For more details about the old site-wide salt configuration, see the Moodle 2.4 Password Salt documentation.
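The difference between the two schemes, and why an upgraded site must keep its old salt, can be seen in a short added example (not Moodle's own code). The function names, the `pbkdf2$` storage format, the sample salt and the choice of SHA-256 and PBKDF2 are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example
OLD_SITE_SALT = b"constructed-site-wide-salt"  # stands in for the pre-2.5 config value

def legacy_hash(password, site_salt):
    """Pre-2.5 scheme: every user's password is hashed with the same site-wide salt."""
    return hashlib.sha256(password.encode() + site_salt).hexdigest()

def per_user_hash(password, salt=None):
    """2.5+ scheme: a fresh random salt per user, stored next to the hash."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2$" + salt.hex() + "$" + digest.hex()

def verify(password, stored, site_salt=b""):
    """Check a login attempt against either kind of stored hash."""
    if stored.startswith("pbkdf2$"):
        # The per-user salt travels with the record, so no site config is needed.
        _, salt_hex, _ = stored.split("$")
        candidate = per_user_hash(password, bytes.fromhex(salt_hex))
    else:
        # Legacy record: only reproducible if the old site-wide salt is still configured.
        candidate = legacy_hash(password, site_salt)
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password shared by two users
    same_old = legacy_hash(pw, OLD_SITE_SALT) == legacy_hash(pw, OLD_SITE_SALT)
    same_new = per_user_hash(pw) == per_user_hash(pw)
    print("site-wide salt, two users, hashes equal:", same_old)
    print("per-user salt, two users, hashes equal: ", same_new)
    old_record = legacy_hash(pw, OLD_SITE_SALT)
    print("legacy login with salt kept:   ", verify(pw, old_record, OLD_SITE_SALT))
    print("legacy login with salt removed:", verify(pw, old_record))
```

With a site-wide salt, two users who pick the same password end up with identical stored hashes; with per-user salts they do not, and a legacy record stops verifying once the old salt is dropped from the configuration.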