0

It currently Moodle is using MD5 for password hashing. Is there a way to change it to SHA512?

Thank You

kallada
  • 1,829
  • 4
  • 33
  • 64

1 Answers1

2

Moodle does NOT use MD5 for password hashing.

Moodle uses the standard password_hash function (https://www.php.net/manual/en/function.password-hash.php) which, at the time of writing, uses the bcrypt algorithm. This is more secure than both MD5 and SHA512 and should not be changed unless you have a really good reason to do so.

davosmith
  • 6,037
  • 2
  • 14
  • 23
  • We are trying to integrate Moodle with another application that uses SHA512 for passwords. From your answer, I understand that it is possible to change the encryption algorithm from bcrypt to SHA512, right? – kallada Aug 30 '22 at 10:53
  • 1
    If you are wanting to integrate with another system, I would strongly suggest looking at using (or developing) an authentication plugin to handle login, rather than integrating at the database password level. Especially if you were going to do this by weakening the existing password security in Moodle. – davosmith Aug 30 '22 at 15:08
  • 1
    Depending on what you are trying to do, you may also want to use webservice functions to handle communication between the systems. – davosmith Aug 30 '22 at 15:09