|
|
Line 1: |
Line 1: |
| {{Security}} | | {{Security}} |
| ==What is password salting?== | | ==What is password salting?== |
|
| |
| Passwords are stored in Moodle in a hashed form. Previously MD5 hashing was used, however in Moodle 2.5 onwards, new passwords are hashed using bcrypt.
| |
|
| |
|
| [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 Password salting] is a way of making password hashing more secure by adding a random string of characters to passwords before their hash is calculated, which makes them harder to reverse (the longer the random string, the harder you make it). | | [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 Password salting] is a way of making password hashing more secure by adding a random string of characters to passwords before their hash is calculated, which makes them harder to reverse (the longer the random string, the harder you make it). |
|
| |
|
| ==Enabling password salting== | | ==How does Moodle use password salting?== |
| | |
| To set a password salt, add the following line to your [[Configuration file|config.php file]]:
| |
| | |
| $CFG->passwordsaltmain = 'some long random string here with lots of characters';
| |
| | |
| The random string of characters should be a mix of letters, numbers and other characters. The [http://dev.moodle.org/gensalt.php Moodle Salt Generator] may be used to obtain a suitable long random string. A string length of at least 40 characters is recommended.
| |
| | |
| ''Note'': For security reasons the only way to enable password salting is by editing config.php - there is no way to do so in the Moodle interface.
| |
| | |
| ''Tip'': Keep a note of your password salt somewhere other than config.php to prevent the situation of your password salt being lost and all site users having to go through password recovery to reset their passwords.
| |
| | |
| ==Changing the salt==
| |
| | |
| If for any reason you wish to change the salt, the old salt must be retained in config.php in addition to the new salt.
| |
| | |
| <code>passwordsaltmain</code> should be changed to <code>passwordsaltalt1</code> (note that the exact expressions must be used) for the old salt as follows:
| |
| | |
| $CFG->passwordsaltalt1 = 'old long random string';
| |
| $CFG->passwordsaltmain = 'new long random string';
| |
| | |
| If you change your salt again in the future, you must retain all the previous salts for some time (until every user has logged in at least once, so they start using the new salt). You can use $CFG->passwordsaltalt2, $CFG->passwordsaltalt3, etc. to keep up to 20 previous salts.
| |
| | |
| ''Warning: If you change the salt and do not retain the old one in config.php you will no longer be able to login to your site!''
| |
| | |
| ==Disabling password salting==
| |
| | |
| '''Note''': Not Recommended! Once enabled, you should leave password salt enabled.
| |
| | |
| To disable password salting in Moodle, you can delete, comment out, or change the value of passwordsaltmain to "empty"
| |
| | |
| // EXAMPLE: set to empty string
| |
| $CFG->passwordsaltmain = <nowiki>''</nowiki>;
| |
| | |
| | |
| // EXAMPLE: comment out
| |
| /*
| |
| $CFG->passwordsaltmain = <nowiki>''</nowiki>;
| |
| */
| |
| | |
| However, you are not done! You '''must also move the old salt to an "alt" value''', just like the "changing the salt" description, above:
| |
| | |
| $CFG->passwordsaltalt1 = 'old long random string';
| |
| $CFG->passwordsaltmain = <nowiki>''</nowiki>;
| |
| | |
| ==Importing users from another site==
| |
| | |
| If you import users from another Moodle site which uses a password salt, you need to add the other site's salt to config.php too. Upto 20 alternate salts may be added
| |
| | |
| $CFG->passwordsaltalt1, $CFG->passwordsaltalt2, ... $CFG->passwordsaltalt20
| |
| | |
| ==How does password salting work?==
| |
|
| |
|
| When a password is checked, the code looks for <code>CFG->passwordsaltmain</code>. If set, salt is appended to user's password before calculating the hash.
| | Prior to Moodle 2.5 Moodle used a single site-wide salt which was used when hashing each user's password. From Moodle 2.5 onward Moodle automatically generates and adds a different salt for each individual user. This is more secure and means that a site-wide configuration variable for the salt is no longer required for new installations of 2.5 or greater. |
|
| |
|
| If the unsalted hash of a user's password validates, it is assumed that the salt was set for the first time since the last time the user logged in. The user's password is upgraded, using the salt. '''The password is salted during the first login after the salt was set in config.php.'''
| | ==Backwards compatibility== |
|
| |
|
| If neither the unsalted hash, or the salted hash validates, the code looks for up to 20 alternate salts. | | If you are upgrading a site from 2.4 or below and you are already using a site-wide salt in your configuration file, '''you need to keep using it to ensure your existing users can still log in'''. |
|
| |
|
| If you change salts, in order not to orphan existing user accounts, you must enter the old salt into one of the alternate slots.
| | For more details about the old site-wide salt configuration, see the [https://docs.moodle.org/24/en/Password_salting Moodle 2.4 Password Salt documentation]. |
|
| |
|
| When a user who has an "old salt" password logs in, the first test of their authentication with the new salt will fail... then the code will test any alternate salts, looking for one that allows the password to be proven valid.
| |
|
| |
|
| If a user is deemed valid, the system will upgrade the user's hashed password to the latest salt.
| |
|
| |
|
| [[cs:Solení hesel]] | | [[cs:Solení hesel]] |
What is password salting?
Password salting is a way of making password hashing more secure by adding a random string of characters to passwords before their hash is calculated, which makes them harder to reverse (the longer the random string, the harder you make it).
How does Moodle use password salting?
Prior to Moodle 2.5 Moodle used a single site-wide salt which was used when hashing each user's password. From Moodle 2.5 onward Moodle automatically generates and adds a different salt for each individual user. This is more secure and means that a site-wide configuration variable for the salt is no longer required for new installations of 2.5 or greater.
Backwards compatibility
If you are upgrading a site from 2.4 or below and you are already using a site-wide salt in your configuration file, you need to keep using it to ensure your existing users can still log in.
For more details about the old site-wide salt configuration, see the Moodle 2.4 Password Salt documentation.