MD5 was used in version 2.5 of eZ Platform. This is no longer the best solution for encrypting passwords.
The latest LTS version of Ibexa uses bcrypt. When migrating between versions of the application, the passwords in the database need to be migrated.
The differences
| Features | MD5 | bcrypt |
| Type of algorithm | Cryptographic hash function | Password hashing algorithm |
| Main objective | Create a digital fingerprint (hash) | Hiding passwords securely |
| Resistance to collisions | Very low, easy to find collisions | Very high |
| Salt | Not natively integrated (requires manual implementation) | Natively integrated, unique salt by hashing |
| Cost factor | Not applicable | Configurable, impacts calculation time and resistance to brute force attacks |
| Resistance to brute force attacks | Very weak, vulnerable to rainbow table attacks and direct brute force attacks | Very strong, thanks to salting and the cost factor |
| Computing speed | Very fast | Intentionally slow, configurable |
| Current use | Obsolete for password hashing, still used to verify file integrity (but not recommended for sensitive applications) | Industry standard for password hashing |
| Security | Very low, insecure | Very high security |
Migrating passwords from eZ Plaform 2.5 to Ibexa 4.6: the technical aspect
Migrating passwords from MD5 to bcrypt as part of an Ibexa upgrade requires a specific approach, as it is not possible to ‘unhash’ MD5 passwords. The strategy is to perform the migration when the user logs on:
- MD5 check: When a user attempts to log in, the system first checks whether the password matches the existing MD5 hash.
- Bcrypt hash and update: If the MD5 check is successful, the system hashes the password with bcrypt and updates the user record in the database with the new bcrypt hash. This means that only the bcrypt hash will be used for future logins.
Migrating from MD5 to bcrypt is a crucial step in strengthening the security of your Ibexa platform. By adopting bcrypt, you can effectively protect your users' data against modern attacks. The security of your site and your users depends on it.
Would you like to find out more and receive support for your eZ Platform to Ibexa migration project? Don't hesitate to contact us.
Nos derniers articles
Migrate passwords from eZ Platform 2.5 to Ibexa 4.6
Data security, and in particular the security of user passwords, is an absolute priority for ...
✨🎄Code Rhapsodie vous souhaite le meilleur en 2025 🥂🍾🎊
2024 aura été une année riche en tempêtes, avec ses hauts et ses bas. Mais ...
Structure the code of your import/export processes with Dataflow
To celebrate the release of Dataflow 5 for Symfony 7, here is some feedback on ...
Gagnez un audit de votre application !
🎯 Nous relevons le défi de lancer un grand concours : Vous faire gagner un ...
Extending Ibexa Commerce - Shipping cost calculator
How to dynamically calculate shipping costs? The official documentation that explains how to create shipping ...
Extending Ibexa Commerce - Custom product attributes
How to create a new product attribute type in Ibexa Commerce
4 postes de travail à louer
A la recherche d'un poste de travail temporaire ou permanent ? Vous recherchez un environnement ...
Dans les entrailles des transporteurs d'Ibexa Commerce
Après une découverte de surface d'Ibexa Commerce, entrons plus dans le détail pour comprendre son ...
À la découverte d'Ibexa Commerce
Ibexa DXP propose un module pour gérer des produits pour la réalisation d'un site e-commerce. ...
Migrate passwords from eZ Platform 2.5 to Ibexa 4.6
Data security, and in particular the security of user passwords, is an absolute priority for ...
✨🎄Code Rhapsodie vous souhaite le meilleur en 2025 🥂🍾🎊
2024 aura été une année riche en tempêtes, avec ses hauts et ses bas. Mais ...
Structure the code of your import/export processes with Dataflow
To celebrate the release of Dataflow 5 for Symfony 7, here is some feedback on ...
Gagnez un audit de votre application !
🎯 Nous relevons le défi de lancer un grand concours : Vous faire gagner un ...
Extending Ibexa Commerce - Shipping cost calculator
How to dynamically calculate shipping costs? The official documentation that explains how to create shipping ...
Extending Ibexa Commerce - Custom product attributes
How to create a new product attribute type in Ibexa Commerce
4 postes de travail à louer
A la recherche d'un poste de travail temporaire ou permanent ? Vous recherchez un environnement ...
Dans les entrailles des transporteurs d'Ibexa Commerce
Après une découverte de surface d'Ibexa Commerce, entrons plus dans le détail pour comprendre son ...
À la découverte d'Ibexa Commerce
Ibexa DXP propose un module pour gérer des produits pour la réalisation d'un site e-commerce. ...