Thanks for the response. Much appreciated.
the pepper is generated and added by the plugin. . . . Knowing the pepper defeats its purpose (the same way knowing the SALT does)
I am by no means implying that your statement is wrong, just that it contradicts essentially everything I have read about the difference between salt and pepper, the former of which is generated automatically and stored with the password in the database, the latter of which is said to be user-generated and then stored off-site, preferably also memorized by the user for login and security purposes.
Knowing the pepper defeats its purpose (the same way knowing the SALT does)
The explanations I have read (at least as I understand them) maintain that only the user should know the user-generated pepper for his or her password, which is not stored in the database with the salt. So CP seems to be using a variation of this protocol, though if the pepper is stored in the database with the salt, then it, too, can conceivably be hacked if the database is compromised. Or so it seems.
The admin . . . refreshes peppers and uses the forgot password to set a new admin password. and then should send an email (in Italy this step is by law) to let user know that the site requires them to set a new password with the forgot password link.
I could not use a forgotten password or any password to set a new admin password because I was locked out of the site by the automatically regenerated pepper. Nor was there any indication that I would receive an email with a link to do so. I mean, I am the admin who would send the email.
So . . . do I understand this correctly (my bracket insertions):
You do not need to know the pepper. When it [the pepper] is refreshed [via the refresh button] and you set the new password from forgot password it [the plugin] adds it [the pepper to the database as part of your reset password] on its own.
That is:
If I
(1) click to refresh the pepper, then
(2) I am required to reset my password then and there, since my old one will no longer work, or reset it at least before I log out (so I don’t get locked out as I was) —
That is, I can reset the old password (or a new one) then and there (before I log out) so that the database can rehash the old password (or a new one) with the new pepper while I am still logged in.
When I then log out and log in even with the old password (if I have reset it before logging out), the login will proceed normally — the database will recognize my password as associated with the refreshed pepper. Correct?
Sorry for the confusion on my part, but my differing understanding of peppers did indeed lock me out of my site yesterday. No harm done (thanks @timkaye), but this different understanding of peppers threw me for a loop.
Thanks again for your response.
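The lock-out described in this thread is easy to reproduce in a few lines: a stored hash depends on the pepper that was active when the password was set, so rotating the pepper makes every existing hash unverifiable until the user's plaintext password is hashed again under the new pepper. The following is an added illustration, not the plugin's code; the construction (pepper applied as an HMAC key before a salted PBKDF2) and all function names are assumptions chosen for the demonstration, and the pepper values are constructed test data.

```python
import hashlib
import hmac
import os

# Constructed sample peppers standing in for a server-side secret that is
# NOT stored with the password record. Real deployments would load this from
# configuration outside the database.
OLD_PEPPER = b"constructed-pepper-v1"
NEW_PEPPER = b"constructed-pepper-v2"

ITERATIONS = 100_000  # PBKDF2 work factor; chosen for the example, not a recommendation


def hash_password(password: str, salt: bytes, pepper: bytes) -> bytes:
    """Hypothetical scheme: HMAC(pepper, password) feeds a salted PBKDF2.

    The salt is stored next to the hash; the pepper is not. Both are needed to
    recompute the hash, which is exactly why rotating the pepper invalidates
    every hash computed under the old one.
    """
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)


def make_record(password: str, pepper: bytes) -> dict:
    """Create the database record for a (re)set password: per-user random salt + hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt, pepper)}


def verify(password: str, record: dict, pepper: bytes) -> bool:
    """Constant-time comparison against the stored hash using the currently active pepper."""
    candidate = hash_password(password, record["salt"], pepper)
    return hmac.compare_digest(candidate, record["hash"])


def rehash_with_new_pepper(password: str, pepper: bytes) -> dict:
    """What the 'reset your password while still logged in' step has to do:
    the plaintext is required, so the rehash can only happen at login or reset time."""
    return make_record(password, pepper)


def demo(password: str = "correct horse battery staple") -> dict:
    """Walk through set -> rotate pepper -> locked out -> reset -> works again."""
    record = make_record(password, OLD_PEPPER)
    before = verify(password, record, OLD_PEPPER)          # normal login
    after_rotation = verify(password, record, NEW_PEPPER)  # same password, new pepper: fails
    record = rehash_with_new_pepper(password, NEW_PEPPER)  # reset (even to the same password)
    after_reset = verify(password, record, NEW_PEPPER)     # login works again
    return {
        "login_before_rotation": before,
        "login_after_rotation_without_reset": after_rotation,
        "login_after_reset_under_new_pepper": after_reset,
    }


if __name__ == "__main__":
    for step, ok in demo().items():
        print(f"{step}: {'OK' if ok else 'LOCKED OUT'}")
```

The middle result is the situation described above: the password never changed, only the pepper did, and the stored hash can no longer be matched. Because the rehash needs the plaintext, the only safe orders of operations are to reset the password in the same session as the pepper refresh, or to force every user through the forgot-password flow afterwards.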