24 Mar 2010
25 Mar 2010
Link to this post
We're currently enhancing a site to include a WordPress blog (LAMP stack). We need to give our members access to the blog and for a number of reasons, we really don't want to force the members to re-set or change their password. We can easily handle copying data from the telerik_Users database into the WordPress users database. However, as I understand it, the passwords in telerik_Users are encrypted with a SHA1 hash with salt. I believe WordPress uses md5 with salt.
We're pretty sure we can modify the encryption algorithm in WordPress to use SHA1, but is there any documentation available on the Sitefinity salt algorithm? Can anyone verify that this is how Sitefinity encrypts passwords for users?
We're not looking to decrypt passwords, we just want to allow the members to use their existing login information in WordPress. We're totally open to any other ideas out there on how to preserve the user's passwords. As I said, resetting passwords is not an option.