XF 1.3 The password storage type in xenForo

faeronsayn

faeronsayn

Well-known member
I've heard since xF v1.2 passwords are now encrypted through bcrypt. Does xenForo use the password_hash() function found in php?

Also, are the hashes stored in xf_user_authenticate table? If so, are they stored in the remember_key column?

Also what is the scheme_class there for? Does it specify which hash type / algorithm is being used?
 
Sort by date Sort by votes
faeronsayn said:
I've heard since xF v1.2 passwords are now encrypted through bcrypt. Does xenForo use the password_hash() function found in php?

Also, are the hashes stored in xf_user_authenticate table? If so, are they stored in the remember_key column?

Also what is the scheme_class there for? Does it specify which hash type / algorithm is being used?
Click to expand...

XenForo_Authentication_Core12 is the class used to generate authentication strings in 1.2+.

It uses the XenForo_PasswordHash class, which doesn't use the function you said.

The actual hash is stored in the BLOB data field.

Liam
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

Kent
  • Suggestion Suggestion
Implemented Implement bcrypt and PBKDF2 for password storage
Replies
10
Views
2K
Robbo
Robbo
tenants
Security Implications of repopulating the password on Registration
Replies
11
Views
1K
Deebs
Deebs
P
  • Question Question
2nd mail in the password reset flow not generated/sent
Replies
1
Views
662
Mike
Mike
I
  • Suggestion Suggestion
Implemented Storage likes in the separate table
Replies
3
Views
739
infis
I
Top Bottom