[Proposal] Password customers. MD5 vs SHA1

  • Hello to everybody!

    One of the things I consider less secure in PrestaShop is that it sends the password to the customer via email. I think this should change.

    Moreover, MD5 encryption is less secure than SHA1, so why not change it?

    I think security must be one of the maximum priorities for the project. Currently, there is a paid module that offers this functionality: https://addons.prestashop.com/en/website-security-access/11169-password-recovery-high-security-password-storage.html

    What do you think?


  • administrators

    Terrible! There is a reason why we have dropped support for anything lower than PHP 5.5. thirty bees uses PHP’s native password_hash right from the start and rehashes md5 passwords at login.
    You should also use the Php Encryption library for cookie encryption if possible (BO Page: Advanced Parameters > Performance) for some improved security.
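
The rehash-at-login approach mentioned in the reply above, as an added example (not part of the original thread and not thirty bees' own code). It assumes legacy rows store `md5(site key . password)`; `LEGACY_KEY`, `legacyHash()`, `login()` and the `$user` record are hypothetical names.

```php
<?php
declare(strict_types=1);

// Assumption: legacy rows hold md5(site key . password).
// LEGACY_KEY is a constructed placeholder, not a real shop key.
const LEGACY_KEY = 'constructed-site-key';

function legacyHash(string $password): string
{
    return md5(LEGACY_KEY . $password);
}

/**
 * Verify a login and upgrade the stored hash in place.
 * $user is a hypothetical record of the form ['passwd' => string].
 */
function login(array &$user, string $password): bool
{
    $stored = $user['passwd'];

    // Exactly 32 lowercase hex characters marks a legacy md5 row.
    if (preg_match('/^[a-f0-9]{32}$/', $stored) === 1) {
        // hash_equals compares in constant time.
        if (!hash_equals($stored, legacyHash($password))) {
            return false;
        }
        // The plaintext is only available during login, so rehash here.
        $user['passwd'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Upgrade again whenever the default algorithm or cost changes.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $user['passwd'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample record that starts with a legacy hash.
$user = ['passwd' => legacyHash('correct horse')];

var_dump(login($user, 'wrong'));          // wrong password against the md5 row
var_dump(login($user, 'correct horse'));  // md5 path, row is rehashed
var_dump(password_get_info($user['passwd'])['algoName']);
var_dump(login($user, 'correct horse'));  // password_verify path
```

Accounts that never log in again keep their md5 hash, so a migration like this still leaves dormant rows to expire or force-reset separately.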
