drupal and joomla hash not salted by default?

Question

The password recovery mechanism I keep bumping into for joomla, art least, is to add a known, hashed string to the password column of the user table. What that says to me is that the default hashing mechanism is not salted. Am I wrong? Also, I am just curious to know whether or not drupal salts passwords by default?

score 3 · Answer 1 · edited May 23 '17 at 12:29

3

Yes, Joomla does salt the passwords before they are md5 hashed.

For a more detailed explanation on the process and how to split them up, please see this: joomla password encryption

Hope this is what you are looking for.

edited May 23 '17 at 12:29

Community

1
1

answered Jul 27 '12 at 01:44

Lodder

19,758
10
59
100

Kind of, but the wiki on Joomla says that we should input a known password. Isn't the purpose of salt to defeat ALL of these ['known-password'][1] databases? [1]: http://docs.joomla.org/How_do_you_recover_your_admin_password?#Change_the_Password_in_the_Database – Wolfpack'08 Jul 27 '12 at 03:01

score 2 · Accepted Answer · answered Jul 27 '12 at 03:59

2

Drupal hashes are salted in V7 and later. http://drupal.org/node/493984

answered Jul 27 '12 at 03:59

tbroberg

635
3
11

drupal and joomla hash not salted by default?

2 Answers2