Jump to content

Podręcznik:$wgPasswordDefault

From mediawiki.org
This page is a translated version of the page Manual:$wgPasswordDefault and the translation is 15% complete.
Languages:
Identyfikacja: $wgPasswordDefault
Default password type to use when hashing user passwords.
Wprowadzono w wersji:1.24.0 (Gerrit change 77645; git #95a8974c)
Usunięto w wersji:nadal w użyciu
Dozwolone wartości:(string)
Domyślna wartość:'pbkdf2'
Inne ustawienia: Alfabetycznie | Według funkcji

Szczegóły

Default password type to use when hashing user passwords. The choices are:[1]

$wgPasswordDefault Algorithm Class Strength Notes
A MD5 MWOldPassword Insecure by modern standards
B MD5 MWSaltedPassword Insecure by modern standards It involves running MD5 on the password, and then running MD5 on the salt concatenated with the first hash.
pbkdf2-legacyA PBKDF2 LayeredParameterizedPassword
pbkdf2-legacyB PBKDF2 LayeredParameterizedPassword
bcrypt Bcrypt BcryptPassword Moderately secure
pbkdf2 PBKDF2 Pbkdf2PasswordUsingOpenSSL Moderately secure Default for new MediaWiki installations as of 2026.
argon2 Argon2 Argon2Password Most secure of currently supported options Used by Wikimedia websites as of 2026.[2]

After changing this setting, users will have their password updated to the new format on next login.

Changing the default

  1. Check the "DefaultSettings.php" file in the ../includes directory for the available and preset password encryption types.
    (As of MW 1.33: A, B, pbkdf2-legacyA, pbkdf2-legacyB, bcrypt, pbkdf2, argon2)
  2. Add $wgPasswordDefault with the parameter to the "LocalSettings.php" file in case you want to change the encryption, e.g. to restore the old MD5 hashing:
    $wgPasswordDefault = 'B';
  3. In order for the password to be saved in a new format, one login from each user has to be done. This way the database is updated.
    Alternatively you can use the wrapOldPasswords.php maintenance script to convert the hashing algorithm of all passwords without waiting for users to log in. Note that this script only works for pbkdf2-legacyA, pbkdf2-legacyB.
  4. Check in the MySQL-database whether the new format has been applied to the fields. 
    Select user_password from wikidbname.user where user_password like ':B:%';

Zobacz też

Notes

  1. https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/c811a467400a246d2134c2d622db5a8011dddd6c/includes/MainConfigSchema.php#7435
  2. https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/ca2f57fe1efb4abeaa4f5934a3ebe27b47c009fe/wmf-config/CommonSettings.php#765
Retrieved from "https://www.mediawiki.org/w/index.php?title=Manual:$wgPasswordDefault/pl&oldid=8354642"