[Moin-user] email lost password sends password in encrypted form

Ted Stern dodecatheon at gmail.com
Wed Jan 31 17:14:43 EST 2007

On 31 Jan 2007 12:22:53 -0800, Ted Stern wrote:
> My users have been complaining that their emailed passwords do not
> work.  I tested this myself and got the following result:
> ,----
> | Somebody has requested to submit your account data to this email
> | address.
> | 
> | If you lost your password, please use the data below and just enter
> | the password AS SHOWN into the wiki's password form field (use copy
> | and paste for that).
> | 
> | After successfully logging in, it is of course a good idea to set a
> | new and known password.
> | 
> | Login Name: TedStern
> | 
> | Login Password: {SHA}<lots of gobbledy-gook>
> | Login URL: http://<my company's domain>/<wikiname>/UserPreferences
> `----
> I can guess that the SHA means that password is encrypted using the
> sha python module.  So how do I set things up so the password is
> decrypted for the user?  It is unusable as it stands.
> Ted

I found this page:


that seems to describe my problem.  I did a check to see whether the
encoded form of my password would have a trailing '=' sign, and it
does.  When the encoded version is emailed to me, I do not see the '='

Perhaps one fix would be to add a trailing string after the password
to avoid putting an = at the end of the line?

 dodecatheon at gmail dot com
 Frango ut patefaciam -- I break so that I may reveal

More information about the Moin-user mailing list