Wednesday, July 20, 2011

Moodle Password Hash Structure

I was working with Moodle Learning Management System as part of my work
and was able to figure out the Hashing of passwords in moodle available in
users table. I am sure there are programmers who would want to know this.

Moodle uses MD5 Hashing to protect the passwords of the moodle users.

But it uses a salt value which is suffixed to the actual password before MD5 hashing algorithm being applied. Salt values are used to prevent Dictionary attacks. This salt value can be found in a file called config.php in the moodle file structure.

So the structure is MD5([Actual User Password] + [Salt Value])

No comments:

Post a Comment