Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Password Storage
 
richieframe
Jr. Member
 
Avatar
Total Posts:  1
Joined:  2013-09-26
 

CE 1.8 inherits from EE 1.13 and lists as a change:
“The cryptographic methods used to store passwords were improved to enhance security”

As far as I know, earlier versions used APR1 which is a 1000 iteration loop of MD5 with a 32-bit salt, then encodes the 128-bit result in 6-bit chunks to a text readable format using a fixed 64 entry array of printable characters.

How has this changed in the new versions?

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top