
Decrypting Password


zenmonkey

11 November 2010 at 6:03am Community Member, 528 Posts

Is it possible to decrypt the member password in order to push it to another system such as a webstore?

ajshort

11 November 2010 at 12:28pm Community Member, 244 Posts

No, that would defeat the purpose :)

Howard

11 November 2010 at 6:11pm Community Member, 215 Posts

You can turn off encryption and store the passwords in plaintext... But obviously that comes with potential issues. You need to set Security::$encryptPasswords to FALSE.

zenmonkey

12 November 2010 at 2:42am Community Member, 528 Posts

But that won't decrypt existing passwords will it?

banal

12 November 2010 at 5:33am Community Member, 901 Posts

No it won't decrypt existing passwords.
The passwords aren't actually encrypted (in a way that can be decrypted). The values in the DB are a (salted) hash of the original password. A hash like this is a one-way route; there's no way to go from a hash-value back to the password (except maybe brute-force, but that could take years to figure out a password and there are potentially several passwords that result in the same hash).

So in short: If you have hash-values in the DB (the SilverStripe default), then there's no way to transform them into plain-text passwords.

zenmonkey

12 November 2010 at 11:00am Community Member, 528 Posts

Okay, thanks. Looks like it's plan B: use the member info to populate an external registration page. That way they only need to fill in the password section.

I guess, just like stock, once your password is salted it can't be unsalted.

Capt. Morgan

16 November 2010 at 5:22am Community Member, 30 Posts

One possible solution for you could be to use the SilverStripe database for the authentication to your webstore, if a shared authentication is what you're after, that is.
That way a regenerated password on the site would immediately work to log in to your webstore as well.

If you use the default hashing in SilverStripe, I guess you've got the SHA algorithm with a salt. Both the algorithm and salt are found in the Member record if you need to use them in your custom authentication on the external system.
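
The approach from the last post, sketched as an added example (not part of the thread and not SilverStripe's own code): the external system checks a login by recomputing the salted hash from the algorithm and salt stored with the member, rather than recovering the password. The field names `Password`, `Salt` and `PasswordEncryption`, the algorithm labels, and the hex(hash(password + salt)) construction are assumptions; match them to what the site's encryptor actually produces.

```python
import hashlib
import hmac

# Assumption: algorithm labels the external system is willing to accept.
# Anything else (including a plaintext/"none" setting) is rejected outright.
ALLOWED_ALGORITHMS = {"sha1", "sha256", "sha512"}


def hash_password(password: str, salt: str, algorithm: str) -> str:
    """Assumed scheme: hex digest of hash(password + salt)."""
    if algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError("unsupported algorithm: %r" % algorithm)
    data = (password + salt).encode("utf-8")
    return hashlib.new(algorithm, data).hexdigest()


def verify_login(member: dict, candidate: str) -> bool:
    """Check a submitted password against a stored member row.

    The stored hash is never reversed: the candidate is hashed with the
    row's own salt and algorithm and the two digests are compared.
    """
    algorithm = (member.get("PasswordEncryption") or "").lower()
    salt = member.get("Salt") or ""
    stored = member.get("Password") or ""
    # Fail closed on incomplete rows or algorithms we do not recognise.
    if not stored or not salt or algorithm not in ALLOWED_ALGORITHMS:
        return False
    computed = hash_password(candidate, salt, algorithm)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(computed.encode("utf-8"),
                               stored.encode("utf-8"))


# Constructed sample rows (not real data).
SAMPLE_MEMBER = {
    "Email": "user@example.com",
    "PasswordEncryption": "sha1",
    "Salt": "a1b2c3d4e5",
    "Password": hash_password("correct horse", "a1b2c3d4e5", "sha1"),
}
PLAINTEXT_MEMBER = {
    "Email": "legacy@example.com",
    "PasswordEncryption": "none",
    "Salt": "",
    "Password": "hunter2",
}

if __name__ == "__main__":
    print(verify_login(SAMPLE_MEMBER, "correct horse"))  # matching password
    print(verify_login(SAMPLE_MEMBER, "wrong guess"))    # non-matching password
```

Because both systems read the same row, a password reset on the site takes effect for the webstore login without any password ever being copied between them.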