Changed password default to PBKDF2

author Tyler Romeo <tylerromeo@gmail.com>

Sun, 27 Jul 2014 19:48:22 +0000 (15:48 -0400)

committer Kunal Mehta <legoktm@gmail.com>

Thu, 14 Aug 2014 19:08:03 +0000 (12:08 -0700)
author Tyler Romeo <tylerromeo@gmail.com>
Sun, 27 Jul 2014 19:48:22 +0000 (15:48 -0400)
committer Kunal Mehta <legoktm@gmail.com>
Thu, 14 Aug 2014 19:08:03 +0000 (12:08 -0700)
diff --git a/RELEASE-NOTES-1.24 b/RELEASE-NOTES-1.24

index a417d19..5e440e3 100644 (file)
--- a/RELEASE-NOTES-1.24
+++ b/RELEASE-NOTES-1.24
@@ -51,6 +51,12 @@ production.
  * $wgHTCPMulticastAddress, $wgHTCPMulticastRouting and $wgHTCPPort were removed.
  * $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort
    and $wgRC2UDPPrefix have been removed.
+* The default password type for MediaWiki has been changed from MD5 to PBKDF2.
+  Password hashes will automatically be updated as users log in. If necessary, the
+  old MD5 hashing can be restored by changing $wgPasswordDefault to 'B'. In addition,
+  there is a maintenance script wrapOldPassword.php that can wrap all passwords in
+  PBKDF2 (or the hashing algorithm of your choice) if you don't want to wait for your
+  users to log in.
  
  === New features in 1.24 ===
  * Added a new hook, "WhatLinksHereProps", to allow extensions to annotate
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php

index 7829710..304a75f 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4098,7 +4098,7 @@ $wgInvalidPasswordReset = true;
   *
   * @since 1.24
   */
-$wgPasswordDefault = 'B';
+$wgPasswordDefault = 'pbkdf2';
  
  /**
   * Configuration for built-in password types. Maps the password type
author	Tyler Romeo <tylerromeo@gmail.com>
	Sun, 27 Jul 2014 19:48:22 +0000 (15:48 -0400)
committer	Kunal Mehta <legoktm@gmail.com>
	Thu, 14 Aug 2014 19:08:03 +0000 (12:08 -0700)
RELEASE-NOTES-1.24		patch \| blob \| history
includes/DefaultSettings.php		patch \| blob \| history