SilverStripe Forums » General Questions » Decrypting Password

  • zenmonkey
    Community Member
    524 Posts

    Decrypting Password

    Is it possible to decrypt the member password in order to push it to another system such as a webstore?

  • ajshort
    Community Member
    244 Posts

    Re: Decrypting Password

    No, that would defeat the purpose.

  • Howard
    Community Member
    215 Posts

    Re: Decrypting Password

    You can turn off encryption and store the passwords in plaintext... But obviously that comes with potential issues. You need to set Security::$encryptPasswords to FALSE

  • zenmonkey
    Community Member
    524 Posts

    Re: Decrypting Password

    But that won't decrypt existing passwords, will it?

  • banal
    Community Member
    901 Posts

    Re: Decrypting Password

    No, it won't decrypt existing passwords.
    The passwords aren't actually encrypted (in a way that can be decrypted). The values in the DB are a (salted) hash of the original password. A hash like this is a one-way route; there's no way to go from a hash value back to the password (except maybe brute force, but that could take years to figure out a password, and there are potentially several passwords that result in the same hash).

    So in short: If you have hash-values in the DB (the SilverStripe default), then there's no way to transform them into plain-text passwords.

  • zenmonkey
    Community Member
    524 Posts

    Re: Decrypting Password

    Okay, thanks. Looks like it's plan B: use the member info to populate an external registration page. That way they only need to fill in the password section.

    I guess, just like stock, once your password is salted it can't be unsalted.

  • Capt. Morgan
    Community Member
    30 Posts

    Re: Decrypting Password

    One possible solution for you could be to use the SilverStripe database for the authentication to your webstore. If a shared authentication is what you're after, that is.
    That way a regenerated password on the site would immediately work also to log in to your webstore.

    If you use the default hashing in SilverStripe, I guess you've got the SHA algorithm with a salt. Both the algorithm and salt are found in the Member record if you need to use them in your custom authentication on the external system.
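
The shared-authentication approach suggested in the last reply, as an added example (not code from the thread or from SilverStripe): the external system recomputes the salted hash from the login attempt and compares it with the stored value, so nothing is ever decrypted. The row keys Password, Salt and PasswordEncryption, the hash(password + salt) layout and the sample values are assumptions; confirm them against the password encryptor of the installed SilverStripe version.

```python
import hashlib
import hmac

# Algorithms the external system is willing to verify. Anything else,
# including plaintext storage, is rejected rather than compared.
ALLOWED_ALGORITHMS = {"sha1", "sha256", "sha512"}


def make_member_row(password, salt, algorithm):
    """Build a constructed Member row for the demo.

    Assumption: the stored value is hex(hash(password + salt)). The real
    concatenation order and encoding depend on the SilverStripe version.
    """
    digest = hashlib.new(algorithm, (password + salt).encode("utf-8")).hexdigest()
    return {"Password": digest, "Salt": salt, "PasswordEncryption": algorithm}


def verify_member_password(row, candidate):
    """Return True only if candidate hashes to the stored value.

    The plaintext is never recovered: the candidate is run through the
    same one-way function and the two digests are compared.
    """
    algorithm = row.get("PasswordEncryption")
    stored = row.get("Password")
    salt = row.get("Salt")
    # Fail closed on unknown algorithms or incomplete records.
    if algorithm not in ALLOWED_ALGORITHMS or not stored or not salt:
        return False
    recomputed = hashlib.new(algorithm, (candidate + salt).encode("utf-8")).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(recomputed.encode("utf-8"), stored.encode("utf-8"))


if __name__ == "__main__":
    row = make_member_row("correct horse", "a1b2c3", "sha1")  # constructed values
    print(verify_member_password(row, "correct horse"))  # matching password
    print(verify_member_password(row, "wrong guess"))    # non-matching password
```

The webstore only needs read access to these three columns, and a password reset on the site takes effect on the store at the next login because the store always checks against the current row.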
