MD5 password hashing in bxp

From All n One's bxp software Wixi


1 Overview

Passwords are the most carefully guarded items internationally, even more so than money. For this reason, there is good cause to ensure that password security is as strong as it possibly can be. bxp makes MD5 salted and hashed passwords available so that even trusted engineers can't do anything with a password file.


This is an extra facility and will not change any of your operation or current logins.


From August 2016 we will be making MD5 password hashing available as an option for all systems.


2 What is hashing

Hashing is a one-way method of transforming data that is difficult to reverse engineer. Here is a good explanation of what it is and how it works: [1]


3 Description

If you already use Boolean / BINARY matches then you will experience no change.


If you choose to turn this option on (an operation managed by All n One), then passwords will become Boolean / BINARY matches. See CC-2-1_Security_and_Custom_Interface_configuration#Password_Security.


Previously, to help users, bxp could match “password” and “Password” as the same password.


If you hash “password” and “Password”, they become two different things:

  • 5f4dcc3b5aa765d61d8327deb882cf99
  • dc647eb65e6711e155375218212b3964


Once we move to MD5, this matching will no longer be possible.


If you move to MD5, you will not be able to move back, as all passwords will be irreversibly hashed.


4 Technical

Here is the official documentation on the functionality we will be implementing. [2]


Custom salting will also be introduced; its details remain bxp's guarded intellectual property, to further improve security.


What it means is that we will no longer be storing text passwords, but MD5 hashed and salted passwords.


5 Potential Challenges

If you do change, some users may experience difficulty with their passwords, i.e. “it worked fine yesterday, why doesn’t it work today?”


For this reason, we are limiting this change to Boolean matching systems only, whose users are already used to the precision required to log in.


The only challenge will occur if you elect to change from basic to Boolean / BINARY matching.
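
The effect described under Description and Potential Challenges can be checked before a switch. The following is an added example, not bxp's own code: the function names, the sample accounts and the salt layout (a random 16-byte salt prepended to the password) are assumptions, since bxp's custom salting is not published.

```python
import hashlib
import hmac
import secrets


def legacy_match(stored_plain: str, typed: str) -> bool:
    """Pre-migration 'basic' matching: letter case is ignored."""
    return stored_plain.lower() == typed.lower()


def hash_password(password: str, salt: bytes) -> str:
    """Salted MD5 hex digest of salt || password (assumed layout)."""
    return hashlib.md5(salt + password.encode("utf-8")).hexdigest()


def hashed_match(stored_hash: str, salt: bytes, typed: str) -> bool:
    """Post-migration matching: only the exact string reproduces the digest."""
    return hmac.compare_digest(stored_hash, hash_password(typed, salt))


def migrate(plain_store: dict) -> dict:
    """Replace each plaintext with (salt, digest); the plaintext is not kept."""
    out = {}
    for user, plain in plain_store.items():
        salt = secrets.token_bytes(16)  # fresh random salt per user
        out[user] = (salt, hash_password(plain, salt))
    return out


def users_at_risk(plain_store: dict, typed_by_user: dict) -> list:
    """Users whose typed password passes today only because case is ignored."""
    return sorted(
        user for user, typed in typed_by_user.items()
        if user in plain_store
        and legacy_match(plain_store[user], typed)
        and plain_store[user] != typed
    )


# Constructed sample data, not real accounts.
PLAIN_STORE = {"alice": "Password", "bob": "s3cret!", "carol": "Winter2016"}
TYPED = {"alice": "password", "bob": "s3cret!", "carol": "winter2016"}

if __name__ == "__main__":
    print("will fail after migration:", users_at_risk(PLAIN_STORE, TYPED))
    hashed = migrate(PLAIN_STORE)
    for user, typed in TYPED.items():
        salt, digest = hashed[user]
        print(user, "legacy:", legacy_match(PLAIN_STORE[user], typed),
              "hashed:", hashed_match(digest, salt, typed))
```

Running `users_at_risk` at login time while the plaintext store still exists identifies the accounts that will see the "it worked fine yesterday" failure, so they can be warned before the irreversible switch.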