• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.3 The password storage type in xenForo

faeronsayn

Well-known member
#1
I've heard since xF v1.2 passwords are now encrypted through bcrypt. Does xenForo use the password_hash() function found in php?

Also, are the hashes stored in xf_user_authenticate table? If so, are they stored in the remember_key column?

Also what is the scheme_class there for? Does it specify which hash type / algorithm is being used?
 

Liam W

Well-known member
#2
I've heard since xF v1.2 passwords are now encrypted through bcrypt. Does xenForo use the password_hash() function found in php?

Also, are the hashes stored in xf_user_authenticate table? If so, are they stored in the remember_key column?

Also what is the scheme_class there for? Does it specify which hash type / algorithm is being used?
XenForo_Authentication_Core12 is the class used to generate authentication strings in 1.2+.

It uses the XenForo_PasswordHash class, which doesn't use the function you said.

The actual hash is stored in the BLOB data field.

Liam