
TOPIC: Joomla Password Security

Joomla Password Security 2 years 2 months ago #36618

With the recent story of the Zappos breach/hack (and many more throughout the year), I was wondering if there is any way to encrypt the user information (especially the password field) using another algorithm other than MD5, such as SHA-2, so in the event of a breach/hack the user information would remain "safe?"

Joomla Password Security 2 years 2 months ago #36634

  • steve
Hi chaimk

I know there was some debate as to whether it was a Drupal or Java site that was hacked at Zappos. If it was Drupal, the problem would indeed be the same as the one you're talking about.

The good news is, Zappos (it seems so far) have been pretty honest about the leak and they say that the passwords weren't breached.

Both Joomla and Drupal do more than just encrypt the password; they also salt it. Here's a Joomla 1.5 explanation: docs.joomla.org/API15:JUserHelper/getSalt

More on this for Drupal: joncave.co.uk/2011/01/password-storage-in-drupal-and-wordpress/ It looks like Drupal may use a little SHA-2.
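An added example (not part of the thread and not Joomla's own code): it assumes the Joomla 1.5 storage layout `md5(password + salt):salt` and shows a login check that verifies such a record and, on success, returns a PBKDF2-HMAC-SHA256 replacement to store instead. The `pbkdf2-sha256$...` record format, the function names and the iteration count are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def legacy_hash(password, salt):
    """Constructed Joomla 1.5 style record: md5(password + salt) ':' salt."""
    digest = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return f"{digest}:{salt}"


def pbkdf2_hash(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Hypothetical upgraded record: pbkdf2-sha256$iterations$salt$digest."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    fields = ["pbkdf2-sha256", str(iterations),
              base64.b64encode(salt).decode(), base64.b64encode(dk).decode()]
    return "$".join(fields)


def verify(password, stored):
    """Return (ok, replacement). replacement is a new record to store when a
    legacy MD5 record verified, otherwise None."""
    if stored.startswith("pbkdf2-sha256$"):
        try:
            _, iters, salt_b64, dk_b64 = stored.split("$")
            salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
            dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
        except ValueError:  # malformed record: fail closed
            return False, None
        return hmac.compare_digest(dk, expected), None
    # Legacy record: "digest:salt", or a bare unsalted MD5 digest (empty salt).
    digest, _, salt = stored.partition(":")
    candidate = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    if hmac.compare_digest(candidate.encode(), digest.lower().encode("utf-8")):
        return True, pbkdf2_hash(password)
    return False, None
```

The salt makes each user's record unique, but a single MD5 pass stays cheap to guess against once the table leaks; the iteration count is what raises the cost per guess.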
