Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Decrypting Password


Go to End


7 Posts   2642 Views

Avatar
zenmonkey

Community Member, 545 Posts

11 November 2010 at 6:03am

Is it possible to decrypt the member password in order to push it to anther system such as webstore?

Avatar
ajshort

Community Member, 244 Posts

11 November 2010 at 12:28pm

No, that would defeat the purpose :)

Avatar
Howard

Community Member, 215 Posts

11 November 2010 at 6:11pm

You can turn off encryption and store the passwords in plaintext... But obviously that comes with potential issues. You need to set Security::$encryptPasswords to FALSE

Avatar
zenmonkey

Community Member, 545 Posts

12 November 2010 at 2:42am

But that won't decrypt existing passwords will it?

Avatar
bummzack

Community Member, 904 Posts

12 November 2010 at 5:33am

No it won't decrypt existing passwords.
The passwords aren't actually encrypted (in a way that can be decrypted). The values in the DB are a (salted) hash of the original password. A hash like this is a one-way route, there's no way to go from a hash-value back to the password (except maybe brute-force but that could take years to figure out a password and there are potentially several passwords that result in the same hash).

So in short: If you have hash-values in the DB (the SilverStripe default), then there's no way to transform them into plain-text passwords.

Avatar
zenmonkey

Community Member, 545 Posts

12 November 2010 at 11:00am

Okay, thanks. Looks like its plan B use the member info to populate an external registration page. That way they only need to fill in the password section.

I guess just like stock once your password is salted it can't be unsalted

Avatar
Capt. Morgan

Community Member, 30 Posts

16 November 2010 at 5:22am

One possible solution for you could be to use the silverstripe database for the authentication to your webstore. If a shared authentication is what you're after that is.
That way a regenerated password on the site would immidiately work also to log in to your webstore.

If you use the default hashing in silverstripe I guess you got SHA algorithm with a salt. Both the algorithm and salt are found in the Member record if you need to use them in your custom authentication on the external system.