View Issue Details

ID: 0016787
Project: phplist application
Category: User Management
View Status: public
Last Update: 17-05-13 16:21
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version: 2.11.9
Target Version:
Fixed in Version: 2.11.10
Summary: 0016787: Wrong encryption algorithm when upgrading from 2.10.19
Description: There was a question on the forums about what happens to user passwords when upgrading from 2.10.x to 2.11.x.

As user passwords are currently hashed using MD5, the algorithm cannot be changed when upgrading.
The config.php file for 2.10.19 has two defines, each set to 1 in order to encrypt user passwords:


But this code in init.php appears to set the algorithm to sha256 if it is available, regardless of whether passwords are already hashed using MD5:

  ## we now always encrypt
  if (!defined("ENCRYPTPASSWORD")) {
    ## old method to encrypt, used to be with md5, keep like this for backward compat.
    # define("ENCRYPTPASSWORD",0);
    define("ENCRYPTPASSWORD",1);   ## completed from the "we now always encrypt" comment above
  }

  if (!defined('ENCRYPTION_ALGO')) {
    if (function_exists('hash_algos') && in_array('sha256',hash_algos())) {
      ## sha256 is chosen whenever PHP offers it, with no check of how existing passwords were hashed
      define('ENCRYPTION_ALGO','sha256');
    } else {
      ## fallback to md5 when sha256 is not available
      define('ENCRYPTION_ALGO','md5');
    }
  }
Additionally, ENCRYPTION_ALGO seems to apply to both an admin password and a user password. So if MD5 is currently used for user passwords then after upgrading it will have to also be used for admin passwords, instead of a stronger algorithm.

Tags: No tags attached.

manager (~0052037), 17-05-13 16:04


hmm, yes. Tricky one.

If passwords were encrypted with md5, we either want to continue with md5 or find some way to update them. Updating them is tricky as we don't know them. We could enforce subscribers to re-enter them with a forgot password system, but that doesn't exist yet.

I guess for now, we'd need to stick to md5 in that case.

So, that would be:

if ASKFORPASSWORD & !ENCRYPTPASSWORD -> set encrypt and use sha256
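The report above says that a single ENCRYPTION_ALGO is applied to every row, so an installation with MD5-hashed subscriber passwords cannot move to sha256, and the note above says the stored passwords cannot be rewritten because the plaintext is unknown. The usual way out is to verify each stored hash with the algorithm that produced it and re-hash with the configured algorithm the next time the subscriber logs in successfully. The following is an added illustration of that pattern, not phplist code: ENCRYPTION_ALGO mirrors the constant named in the report, while the function names, the hex-length detection of the old algorithm and the sample subscriber row are assumptions made for the example.

```php
<?php
// Added example (not phplist code): keep verifying hashes created under the old
// algorithm while migrating each subscriber to the configured algorithm on their
// next successful login. ENCRYPTION_ALGO mirrors the constant named in the report;
// the function names, the hex-length detection and the sample row are assumptions.
declare(strict_types=1);

// Algorithm the upgraded installation wants for new hashes.
const ENCRYPTION_ALGO = 'sha256';

// Map hex digest length to the algorithm that produces it. Only the two
// algorithms the report mentions are considered; anything else is rejected.
const DIGEST_LENGTHS = [32 => 'md5', 64 => 'sha256'];

// Work out which algorithm produced a stored hash, or null if it is not a plain
// hex digest of a known length (assumes hashes are stored as the hex string hash() emits).
function detect_hash_algo(string $stored): ?string
{
    if ($stored === '' || !ctype_xdigit($stored)) {
        return null;
    }
    return DIGEST_LENGTHS[strlen($stored)] ?? null;
}

// Check a password against a stored hash using whichever algorithm produced that hash.
function verify_password(string $password, string $stored): bool
{
    $algo = detect_hash_algo($stored);
    if ($algo === null) {
        return false;
    }
    // hash_equals() compares in constant time; strtolower() tolerates uppercase hex in storage.
    return hash_equals(strtolower($stored), hash($algo, $password));
}

// Verify and, when the stored hash was made with an algorithm other than
// ENCRYPTION_ALGO, return the replacement hash the caller should persist.
// 'new_hash' is null when the stored hash already uses the current algorithm.
function verify_and_upgrade(string $password, string $stored): array
{
    if (!verify_password($password, $stored)) {
        return ['ok' => false, 'new_hash' => null];
    }
    $isCurrent = detect_hash_algo($stored) === ENCRYPTION_ALGO;
    return ['ok' => true, 'new_hash' => $isCurrent ? null : hash(ENCRYPTION_ALGO, $password)];
}

// Constructed sample: a subscriber row whose password was hashed by 2.10.x with md5.
$subscriber = ['email' => 'subscriber@example.invalid', 'password' => md5('correct horse')];

// First login after the upgrade: verified via md5, and a sha256 hash comes back to store.
$first = verify_and_upgrade('correct horse', $subscriber['password']);
if ($first['ok'] && $first['new_hash'] !== null) {
    $subscriber['password'] = $first['new_hash']; // in practice: UPDATE the subscriber table
}

// Second login: verified via sha256, no further rewrite needed.
$second = verify_and_upgrade('correct horse', $subscriber['password']);

// Wrong password: fails regardless of which algorithm the stored hash uses.
$bad = verify_and_upgrade('wrong', $subscriber['password']);

printf("first login: %s, rehashed: %s\n", $first['ok'] ? 'ok' : 'fail', $first['new_hash'] !== null ? 'yes' : 'no');
printf("second login: %s, rehashed: %s\n", $second['ok'] ? 'ok' : 'fail', $second['new_hash'] !== null ? 'yes' : 'no');
printf("wrong password: %s\n", $bad['ok'] ? 'ok' : 'fail');
```

Because the algorithm is detected per stored value rather than taken from one global constant, admin rows can be hashed with sha256 from the first upgrade while subscriber rows still hashed with MD5 keep working and are rewritten one by one as their owners log in; a row is only ever rewritten after the password has verified, so no plaintext needs to be known up front. The example keeps the unsalted hash() model the report describes so that it lines up with the quoted init.php code; PHP's password_hash() and password_needs_rehash() implement the same rehash-on-login pattern with salting built in and would be the choice for new code.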