If I change all the cookie & salt hashes in wp-config will all currently stored passwords need to be re-set?
define('AUTH_KEY', '9YF,b]b:G5,!@Z||G.r*lI`?yl+u_-=2SO@# :Y8f1ZW=qP)U^w+(V=i:NTZ|v/N');
define('SECURE_AUTH_KEY', '@AoU9+`<IztB@~49`PB#+YBqiz%{xRZ<_Yp+-3$h2T|{v-cJKi^of+uK..+[41nS');
define('LOGGED_IN_KEY', '+Xnu<OsPjg]#](HJ)j|`hCaMU5M7bv<Nk]t|r#P|Ln(G}+8+_.yqz,+U!Z+~@b4F');
define('NONCE_KEY', '8MTF|G,yw>nNK/Ne*I4__kr~Ab.o4@WRAh03^Yy*nep|->FJ-%;&dSF80>hqb1GK');
define('AUTH_SALT', 'y2qJ|e|ug%yz]z1uQPYnyxgY|izrnVq8{N]~d)K5*,psJzazLE{ed~xo2&`nncKO');
define('SECURE_AUTH_SALT', 'rswSqKj#l(F&3Sh&nA.:eob32Gg11hcNH68_+WAi4/n|V_+X~4{zxShr_srf]N2d');
define('LOGGED_IN_SALT', '%(0jiu`GI&{r9`&ZwO?AG7xve]4g?uYD2?-,4h#A{t7N*hWL6N,#hr{&UB;|^{#L');
define('NONCE_SALT', 'Z|EL[9mU=-5WIWpa}-=T@Aj9xR3q}9|[*<gMk1fx*U[8>1zy*yiG}R7E9;.<?j}+');
Disclaimer: not real keys – https://api.wordpress.org/secret-key/1.1/salt/
I know the salt is stored both in the database AND in wp-config and are often used together to create the hash however the ‘one way’ hashing of passwords (rather than encryption) is meant to add a level of entropy not feasibly reversed…
So then if the salt is changed wont all subsequent attempts to match the hash of the password fail?
I’m just confused as some places claim you should change these keys regularly (from once a month to every 6 months)