Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Decrypting Password

Go to End

7 Posts   1814 Views


Community Member, 541 Posts

11 November 2010 at 6:03am

Is it possible to decrypt the member password in order to push it to anther system such as webstore?


Community Member, 244 Posts

11 November 2010 at 12:28pm

No, that would defeat the purpose :)


Community Member, 215 Posts

11 November 2010 at 6:11pm

You can turn off encryption and store the passwords in plaintext... But obviously that comes with potential issues. You need to set Security::$encryptPasswords to FALSE


Community Member, 541 Posts

12 November 2010 at 2:42am

But that won't decrypt existing passwords will it?


Community Member, 902 Posts

12 November 2010 at 5:33am

No it won't decrypt existing passwords.
The passwords aren't actually encrypted (in a way that can be decrypted). The values in the DB are a (salted) hash of the original password. A hash like this is a one-way route, there's no way to go from a hash-value back to the password (except maybe brute-force but that could take years to figure out a password and there are potentially several passwords that result in the same hash).

So in short: If you have hash-values in the DB (the SilverStripe default), then there's no way to transform them into plain-text passwords.


Community Member, 541 Posts

12 November 2010 at 11:00am

Okay, thanks. Looks like its plan B use the member info to populate an external registration page. That way they only need to fill in the password section.

I guess just like stock once your password is salted it can't be unsalted

Capt. Morgan

Community Member, 30 Posts

16 November 2010 at 5:22am

One possible solution for you could be to use the silverstripe database for the authentication to your webstore. If a shared authentication is what you're after that is.
That way a regenerated password on the site would immidiately work also to log in to your webstore.

If you use the default hashing in silverstripe I guess you got SHA algorithm with a salt. Both the algorithm and salt are found in the Member record if you need to use them in your custom authentication on the external system.