I have never heard of $alt encryption. $alt is a possible variable name in PHP, not an encryption method. Perhaps he meant to say that the password-generation function includes a variable called $sSalt that provides more permutations and less correlation between the plain password and the password hash, preventing simple hash database lookups to reverse passwords. Or perhaps he spelled "salt" as in "micro$oft". But let's be clear for a moment on how Dolphin password encryption see more actually works.

Dolphin 7.0.0 encrypts passwords as sha1(md5($sPwd) . $sSalt). In plain English, Dolphin generates a SHA-1-hash of the MD5-hash of the user-given password and a random salt string, the random salt being the base64-encoded characters 2 to 6 of a MD5-hashed microtime timestamp. The random salt is separately stored in a field in the user database table.

Both MD5 and SHA1 are one-way-only string hashing methods. While they cannot be directly reversed, lists and databases of MD5-hashes for common passwords are becoming increasingly common, and as such the password can be accessed by searching for the corresponding hash. MD5 also has a number of other issues that make it less of a secure password hashing option. MD5 hashes are 32 characters long, while SHA1 strings are 40 characters long, providing for more variations and subsequently harder brute-force password cracking.

If you want to produce D7-compliant passwords, look at functions encryptUserPwd() and genRndSalt() in inc/utils.inc.php (line #1003 ff.). To see an example of password checking, see check_password() in inc/admin.inc.php (line #785). If you need to generate a new Dolphin password, simply create a short script that fetches the user's salt from the database and runs a new plain-text password through encryptUserPwd().

For those interested in further security and string hashing information, hop on to Wikipedia for a starter:

- MD5: http://en.wikipedia.org/wiki/MD5
- SHA: http://en.wikipedia.org/wiki/SHA1