From: Tyler Romeo <tylerromeo@gmail.com>
Date: Sun, 27 Jul 2014 19:48:22 +0000 (-0400)
Subject: Changed password default to PBKDF2
X-Git-Tag: 1.31.0-rc.0~14429
X-Git-Url: http://git.cyclocoop.org/%28%5B%5E/404?a=commitdiff_plain;h=6f458cfba3ad913df5f28ab5f4f41f5f38e9932b;p=lhc%2Fweb%2Fwiklou.git

Changed password default to PBKDF2

Bug: 28419
Change-Id: I096a862c884f6a6adbb381c0fcc70844bf007c63
---

diff --git a/RELEASE-NOTES-1.24 b/RELEASE-NOTES-1.24
index a417d19537..5e440e3971 100644
--- a/RELEASE-NOTES-1.24
+++ b/RELEASE-NOTES-1.24
@@ -51,6 +51,12 @@ production.
 * $wgHTCPMulticastAddress, $wgHTCPMulticastRouting and $wgHTCPPort were removed.
 * $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort
   and $wgRC2UDPPrefix have been removed.
+* The default password type for MediaWiki has been changed from MD5 to PBKDF2.
+  Password hashes will automatically be updated as users log in. If necessary, the
+  old MD5 hashing can be restored by changing $wgPasswordDefault to 'B'. In addition,
+  there is a maintenance script wrapOldPassword.php that can wrap all passwords in
+  PBKDF2 (or the hashing algorithm of your choice) if you don't want to wait for your
+  users to log in.
 
 === New features in 1.24 ===
 * Added a new hook, "WhatLinksHereProps", to allow extensions to annotate
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 7829710f75..304a75fff2 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4098,7 +4098,7 @@ $wgInvalidPasswordReset = true;
  *
  * @since 1.24
  */
-$wgPasswordDefault = 'B';
+$wgPasswordDefault = 'pbkdf2';
 
 /**
  * Configuration for built-in password types. Maps the password type