phpgroupware-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Phpgroupware-users] Passwordencryption in phpgw


From: Chris Weiss
Subject: Re: [Phpgroupware-users] Passwordencryption in phpgw
Date: Tue, 21 Jan 2003 17:30:58 +0000

$ cd phpgwapi/
$ grep -r 'account_pwd' *

in phpgwapi/inc/class.auth_sql.inc.php
"update phpgw_accounts set account_pwd='" . md5($new_passwd) . "'

see http://www.php.net/manual/en/function.md5.php for info on the md5 function.

For other auth types (email and ldap) it uses that datastores native auth 
mechinism
and doesn't store the password in phpgw at all other than in the session object
while logged in.  Well, technically even with SQL auth it doesn't store the
password, just an md5 hash based on the password.  If you're looking to extract 
and
decrypt the password from the database, you'll have to brute force it, there is 
no
way to reverse md5 because it's not encryption, it's only a hash.

Alexandros Gougousoudis (address@hidden) wrote*:
>
>Hi,
>
>how is the password encrypted in phpgw. It's not crypt. How is it done?
>Where can I find it in the code, I'am somehow blind...:-)
>
>cu
> Alex
>
>
>
>_______________________________________________
>Phpgroupware-users mailing list
>address@hidden
>http://mail.gnu.org/mailman/listinfo/phpgroupware-users
>





reply via email to

[Prev in Thread] Current Thread [Next in Thread]