[Pmwiki-users] unix crypt passwords vs. md5 hash

Greg Morgan Cybie
Tue Apr 20 21:42:45 CDT 2004


Kass Lloyd wrote:

>This topic was brought to my mind when I installed Pmwiki on a machine
>running PHP as a cgi instead of an apache module. The unix crypt feature
>apparently is broken for cgi implementations of PHP including the most
>recent version of PHP4.
>
>Pmwiki should be modified to support md5 hashes for the passwords as a
>config option, and most likely make this type of passwords default. The
>md5() function has been available in PHP since PHP3. And with the newest
>version of Pmwiki requiring PHP 4.1.0 or higher all installs of Pmwiki
>will have the md5() function available. Also the md5() function
>functions the same no matter how PHP has been installed or what system
>it is installed on. This would provide wiki data files to be of the
>maximum compatibility for whatever system the wiki data has to be moved
>to.
>  
>
I ran into this problem as well until I upgraded PHP on my servers to 
the most current version.
Perhaps a $CryptFunction variable could be created with a default value 
of MD5, so it would use the md5() function... Those who want more 
security could change $CryptFunction to SHA1 in local.php and it would 
use sha1() instead.




More information about the pmwiki-users mailing list