[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-users] Passwordencryption in phpgw
From: |
Chris Weiss |
Subject: |
Re: [Phpgroupware-users] Passwordencryption in phpgw |
Date: |
Tue, 21 Jan 2003 17:30:58 +0000 |
$ cd phpgwapi/
$ grep -r 'account_pwd' *
in phpgwapi/inc/class.auth_sql.inc.php
"update phpgw_accounts set account_pwd='" . md5($new_passwd) . "'
see http://www.php.net/manual/en/function.md5.php for info on the md5 function.
For other auth types (email and ldap) it uses that datastores native auth
mechinism
and doesn't store the password in phpgw at all other than in the session object
while logged in. Well, technically even with SQL auth it doesn't store the
password, just an md5 hash based on the password. If you're looking to extract
and
decrypt the password from the database, you'll have to brute force it, there is
no
way to reverse md5 because it's not encryption, it's only a hash.
Alexandros Gougousoudis (address@hidden) wrote*:
>
>Hi,
>
>how is the password encrypted in phpgw. It's not crypt. How is it done?
>Where can I find it in the code, I'am somehow blind...:-)
>
>cu
> Alex
>
>
>
>_______________________________________________
>Phpgroupware-users mailing list
>address@hidden
>http://mail.gnu.org/mailman/listinfo/phpgroupware-users
>