wrong md5-hash of md5.js, frontend-, backend-login
The md5-calculation produces wrong, it belongs to the used characters.
Following characters produces this failure:
äöüÄÖÜ§áÁ and many more.
These characters are not forbidden.
The md5.js is also used to send the backend-password.
Due the failure of md5.js it could be easier to descend the password-algorythm.
Following characters are availible:
All other characters produces a wrong hash.
As fe-users want to change their password, I've noticed this problem in affinity with Issue #0012206.
It's not possible to replace the md5.js simple.
All hashed passwords are written in the wrong md5-code, that means, all users have to retype their password on login or have to receive automatically a new password...
language: german, the problem occurs on usernames with specialchars/umlauts.
Attached is the old md5.js and a new one with no failure.
(issue imported from #M13917)
Updated by Sebastian over 13 years ago
I think it's related to #0005865:
- if the md5.js always returns the hash, the hash should be always the same.
It seems, in #0005865 the md5-hash was created by md5.js and (!) the serverside md5.
The interaction between md5.js and serverside md5 isn't typically typo3 and isn't a matter of this issue, because the password-hash should be only calculated on clientside.
Updated by Stefan Neufeind about 12 years ago
- % Done changed from 0 to 50
We tried the one from webtoolkit.info. Works like a charme.
Do we need to worry about licensing in this case? (I guess so.)
Or could we simply exchange it by a commit?
The current MD5-implementation is done "fundamentally different", so it's not like adding one more line to the existing one or so. (The one from webtoolkit.info is even quite a bit shorter :-))