Does legacy salt string support in Moodle 1.9.7 include support for non-salted passwords?

By : Justin
Source: Stackoverflow.com
Question!

We have an active Moodle installation recently updated to 1.9.7. This site has never used password salts before. I want to enable password salts on the system, as Moodle recommends now for 1.9.7, but I am not sure if the legacy salt support setting includes support for non-salted passwords.

Reviewing the password sale documentation on Moodle.org doesn't make it clear (to me) if the legacy salt support also includes support for no salt at all. My question is, will a zero length string salt for my legacy salt setting in config.php mean support for non-salted passwords?

E.g., can I add this in my config.php file:

$CFG->passwordsaltalt1 = '';
$CFG->passwordsaltmain = 'my new salt which is super secure';

and have current account holders still log in if their password isn't salted? I can't tell if this is right from their documentation and I'm wondering if anyone has successfully done this.

By : Justin


Answers

I confirmed this with testing: Enabling a password salt does not affect unsalted logins, so you don't need to add a legacy entry for non-salted passwords.

By : Justin


This video can help you solving your question :)
By: admin