- If this is changed, then upgrading to the new encryption will require all passwords to be reset, since existing data cannot be converted from one encryption type to another without the original plaintext.
The solution is probably to include a flag somewhere indicating which encryption is used for a particular password (or collection of passwords). My first thought was to put this in the config files, so that it can be overridden on a course-by-course basis (via course.conf). Then I wondered if it made more sense to add a column to the password table indicating what type of password it was, which would allow new users in a course to use md5, while old ones continued to use crypt.
- Should we be salting passwords?
  - Con: currently WeBWorK class lists are pretty portable (including the default .dist ones). Salting would make it hard (possibly impossible) to move a class list from one server to another and preserve passwords.
  - Pro: salted passwords are much harder to reverse. There are md5 lookup tables on the web; if someone obtained an unsalted md5 encrypted password, they would have a good chance of reconstructing the plain text password (at least for relatively short passwords).
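As an added illustration (not WeBWorK code) of the per-row flag idea: each stored value carries its own scheme tag, verification dispatches on that tag, and the move to salted hashing happens at login, the one moment the plaintext is available. The scheme names and the `scheme$salt$digest` layout are assumptions; unsalted md5 stands in for the legacy crypt scheme.

```python
import hashlib
import hmac
import os

# Stored form (assumed layout): "<scheme>$<salt>$<hexdigest>".
# "md5"  = unsalted md5 (legacy stand-in for crypt; same password -> same digest)
# "smd5" = md5 over salt + password (salted; digest differs per user)

def _digest(scheme, salt, password):
    """Compute the digest for one scheme; unknown tags are rejected, not guessed."""
    if scheme == "md5":
        return hashlib.md5(password.encode()).hexdigest()
    if scheme == "smd5":
        return hashlib.md5((salt + password).encode()).hexdigest()
    raise ValueError(f"unknown password scheme {scheme!r}")

def store_password(password, scheme="smd5"):
    """Produce a stored value whose scheme tag travels with the hash."""
    salt = os.urandom(8).hex() if scheme == "smd5" else ""
    return f"{scheme}${salt}${_digest(scheme, salt, password)}"

def check_password(stored, password):
    """Verify using whichever scheme the stored row records."""
    scheme, salt, digest = stored.split("$", 2)
    return hmac.compare_digest(_digest(scheme, salt, password), digest)

def login_and_upgrade(table, user, password, target="smd5"):
    """Verify, then re-store under the target scheme if the row is still on an
    older one. Only a successful login supplies the plaintext needed to do this;
    rows that never log in stay on the old scheme, which is why the tag is per row."""
    stored = table[user]
    if not check_password(stored, password):
        return False
    if stored.split("$", 1)[0] != target:
        table[user] = store_password(password, target)
    return True

def salting_hides_equal_passwords(password):
    """Two users with the same password get distinct salted digests, but identical
    unsalted ones (the lookup-table problem)."""
    salted_same = store_password(password) == store_password(password)
    unsalted_same = store_password(password, "md5") == store_password(password, "md5")
    return (not salted_same) and unsalted_same

if __name__ == "__main__":
    # Constructed sample row on the legacy scheme.
    users = {"alice": store_password("hunter2", "md5")}
    print(login_and_upgrade(users, "alice", "hunter2"), users["alice"][:5])
```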