We have an active Moodle installation recently updated to 1.9.7. This site has never used password salts before. I want to enable password salts on the system, as Moodle recommends now for 1.9.7, but I am not sure if the legacy salt support setting includes support for non-salted passwords.
Reviewing the password sale documentation on Moodle.org doesn't make it clear (to me) if the legacy salt support also includes support for no salt at all. My question is, will a zero length string salt for my legacy salt setting in config.php mean support for non-salted passwords?
E.g., can I add this in my config.php file:
$CFG->passwordsaltalt1 = ''; $CFG->passwordsaltmain = 'my new salt which is super secure';
and have current account holders still log in if their password isn't salted? I can't tell if this is right from their documentation and I'm wondering if anyone has successfully done this.