Date Published: March 16, 2022
How to check if Drupal user password is well hashed
Issue¶
Drupal login is not recognizing a password of a user.
Cause¶
One possible reason is the password could be store with a wrong hash.
Solution¶
To verify if the password is store with a valid hash you will need to use a module called drop_the_ripper.
After the module is installed and the code is deployed, SSH in the server and create a file adding the password of the user you want to test.
For example file:
echo "1234567Aa" > /mnt/tmp/password.txt
To test run the following command in site docroot:
site.env@server-xxxxxx:/var/www/html/site.env/docroot$ drush dtr --uid=[user-id] --wordlist=/mnt/tmp/password.txt
If the drop_the_ripper module do not find the password you will see a output like this:
Users to check: 1 [success]
Ran 5 password checks for 1 user(s) in 0.25 seconds. [success]
If drop_the_ripper managed to find it, the output should be something like this
Users to check: 1 [success]
Match: uid=[id-user] name=[user-email] status=1 password=1234567Aa [success]
Ran 5 password checks for 1 user(s) in 0.25 seconds.
This way you could verify if the hash is valid.
Did not find what you were looking for?
If this content did not answer your questions, try searching or contacting our support team for further assistance.