how_to:change_admin_password_salted
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
how_to:change_admin_password_salted [2011/06/29 07:27] NickC added list of items |
how_to:change_admin_password_salted [2016/07/01 13:19] (current) shawn_a [Get a salt] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ==== Change the Admin Password to Salted ==== | + | ====== Change the Admin Password to Salted ====== |
| - | === Purpose === | ||
| - | This entry is because a few people, judging from some requests in the support forum, have had trouble converting their GetSimple installation from unsalted to salted logins. This entry will hopefully form a base topic to which we can point future requests. | + | ===== Purpose ===== |
| - | Since you are switching from unsalted to salted, a process that assumes you are a bit knowledgeable about admininistration, I'm going to assume you know what FTP is, what a shell is, and what gsconfig.php does. | ||
| - | === Why === | + | This entry is because a few people seem to have had some trouble converting their GetSimple installation from unsalted to salted logins. This entry will hopefully form a base topic to which we can point future requests. |
| + | |||
| + | Since you are switching from unsalted to salted, a process that assumes you are a bit knowledgeable about admininistration, I'm going to assume you know what FTP is, what a shell is, and what ''[[config:gsconfig|gsconfig.php]]'' does. | ||
| + | |||
| + | ===== Why ===== | ||
| GetSimple now has the ability to use salted passwords. A [[http://en.wikipedia.org/wiki/Salt_(cryptography)|salt]] is an extra input into the cryptographic function that encrypts your password. This makes it much harder for cracking attempts to succeed. The encryption is using more characters than just the password, making it harder (i.e. more time-consuming) to brute-force, and dictionary attacks won't work since the encrypted hash does not represent a word(s). | GetSimple now has the ability to use salted passwords. A [[http://en.wikipedia.org/wiki/Salt_(cryptography)|salt]] is an extra input into the cryptographic function that encrypts your password. This makes it much harder for cracking attempts to succeed. The encryption is using more characters than just the password, making it harder (i.e. more time-consuming) to brute-force, and dictionary attacks won't work since the encrypted hash does not represent a word(s). | ||
| Line 15: | Line 17: | ||
| The beauty of using a salt is that your admin password can be a reasonable length for a human to remember, saving you from having to type a 30 character long string of gobbledy-gook, yet the resulting hashed password token, because it is also using the salt, will have plenty of characters to generate a decent hash. | The beauty of using a salt is that your admin password can be a reasonable length for a human to remember, saving you from having to type a 30 character long string of gobbledy-gook, yet the resulting hashed password token, because it is also using the salt, will have plenty of characters to generate a decent hash. | ||
| - | === Problem === | + | ===== Problem ===== |
| The problem with switching from unsalted to salted passwords is that the admin's password will no longer be recognised after making the configuration changes, and the admin cannot log in. This is because the hash token stored by GetSimple is based on the unsalted password and it won't match the token being requested by the authorisation mechanism, which was generated using the salt. | The problem with switching from unsalted to salted passwords is that the admin's password will no longer be recognised after making the configuration changes, and the admin cannot log in. This is because the hash token stored by GetSimple is based on the unsalted password and it won't match the token being requested by the authorisation mechanism, which was generated using the salt. | ||
| Line 21: | Line 23: | ||
| We need to somehow step through the process so that we can set GetSimple's config to use salted logins, and still allow admin to login. | We need to somehow step through the process so that we can set GetSimple's config to use salted logins, and still allow admin to login. | ||
| - | === How === | + | ===== How ===== |
| It is actually quite simple: | It is actually quite simple: | ||
| - | * Login as admin; | + | * Login as admin |
| - | * edit gsconfig.php to enable salt logins; | + | * edit ''gsconfig.php'' to enable salt logins |
| - | * change admin password to regenerate the hash. | + | * change admin password to regenerate the hash |
| - | I use a web-host company that provides shell access, so I can edit gsconfig.php right on the server. If you don't have shell access (you would know if you did), you might have to FTP gsconfig.php down to your computer, make the changes, and then FTP it back up to your server. | + | I use a web-host company that provides shell access, so I can edit ''gsconfig.php'' right on the server. If you don't have shell access (you would know if you did), you might have to FTP ''gsconfig.php'' down to your computer, make the changes, and then FTP it back up to your server. |
| - | == Step One: Login == | + | ==== Step One: Login ==== |
| Log in as admin on your GetSimple site. This is purely so that you are currently logged in, to avoid the situation where you can't login later. | Log in as admin on your GetSimple site. This is purely so that you are currently logged in, to avoid the situation where you can't login later. | ||
| - | == Step Two: Edit gsconfig.php == | + | ==== Step Two: Edit gsconfig.php ==== |
| - | Edit gsconfig.php, either by downloading it or by editing directly on the server. You are going to add the line that sets GetSimple to use salted logins. You can also add the line that sets GetSimple to use your own custom salt for cookies and uploads. | + | Edit ''gsconfig.php'', either by downloading it or by editing directly on the server. You are going to add the line that sets GetSimple to use salted logins. You can also add the line that sets GetSimple to use your own custom salt for cookies and uploads. |
| - | == Get a salt == | + | ==== Get a salt ==== |
| The salt should be a mix of alphanumerics, non-alphanumerics, upper and lower case characters, and it should be a decent length. GetSimple use 55 characters for their salts. | The salt should be a mix of alphanumerics, non-alphanumerics, upper and lower case characters, and it should be a decent length. GetSimple use 55 characters for their salts. | ||
| You can get a salt generated for you from GetSimple's API [[http://get-simple.info/api/security/|here]], which is probably the easiest way. Refresh the page a few times until you get a salt that looks completely random. Notice that the page shows //two// salts, one for logins and one for your custom salt for cookies and uploads. Here is an example output:\\ | You can get a salt generated for you from GetSimple's API [[http://get-simple.info/api/security/|here]], which is probably the easiest way. Refresh the page a few times until you get a salt that looks completely random. Notice that the page shows //two// salts, one for logins and one for your custom salt for cookies and uploads. Here is an example output:\\ | ||
| - | <html><code>define('GSLOGINSALT', 'w7M%_G%CZrBjxMfdBNHhqfKZ7O7%lc_0fJ5k-CE4TjJBZxUayc^ODiv');<br />define('GSUSECUSTOMSALT', '-N0iquC47bueHs9YAyMBF6w=ny1WiTJnFcckR K~iW^s9IMy1cD^nUS');</code></html> | + | ''define('GSLOGINSALT', 'w7M%_G%CZrBjxMfdBNHhqfKZ7O7%lc_0fJ5k-CE4TjJBZxUayc^ODiv');'' |
| - | == Add the lines == | + | ''define('GSUSECUSTOMSALT', '-N0iquC47bueHs9YAyMBF6w=ny1WiTJnFcckR K~iW^s9IMy1cD^nUS');'' |
| + | |||
| + | ==== Add the lines ==== | ||
| Add (or uncomment the existing lines) to gsconfig.php:\\ | Add (or uncomment the existing lines) to gsconfig.php:\\ | ||
| ''define('GSLOGINSALT', ' .... your salt ... ');''\\ | ''define('GSLOGINSALT', ' .... your salt ... ');''\\ | ||
| - | and if you want \\ | ||
| - | ''define('GSUSECUSTOMSALT', ' ... your other salt ... ');''\\ | ||
| You have now added a salt that GetSimple will use when generating the login password token. | You have now added a salt that GetSimple will use when generating the login password token. | ||
| Line 56: | Line 58: | ||
| Upload gsconfig.php to your installation. | Upload gsconfig.php to your installation. | ||
| - | == Step Three: Change admin password == | + | If you want a custom cookie salt, you can change the following, DO NOT CHANGE THIS AT THE SAME TIME AS GSLOGINSALT \\ |
| + | ''define('GSUSECUSTOMSALT', ' ... your other salt ... ');''\\ | ||
| + | |||
| + | ==== Step Three: Change admin password ==== | ||
| **Important** Don't miss this step, it is the crux. | **Important** Don't miss this step, it is the crux. | ||
| Line 65: | Line 70: | ||
| You are done. Logout and try logging back in. You should be good to go. | You are done. Logout and try logging back in. You should be good to go. | ||
| - | ---- | ||
| - | == How to undo == | + | ===== How to undo ===== |
| If you cannot log back in to GetSimple, something went wrong. | If you cannot log back in to GetSimple, something went wrong. | ||
| - | Download the gsconfig.php file, edit it and comment out the lines you added above by inserting a # char at the beginning of the line. Upload the file. You are no longer using salted logins and your old password should work again. | + | Download the ''gsconfig.php'' file, edit it and comment out the lines you added above by inserting a # char at the beginning of the line. Upload the file. You are no longer using salted logins and your old password should work again. |
how_to/change_admin_password_salted.1309332467.txt.gz · Last modified: 2013/04/19 14:56 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
