At 07:01 AM 11/20/2010 -0500, Chris Nighswonger wrote:
2010/11/20 Altaf Mahmud <<mailto:altaf.mahmud@gmail.com>altaf.mahmud@gmail.com> Hi, I want to know how Koha saves its borrowers' password in database? Is it one-way conversion? For example, if a password is saved as '4QrcOUm6Wau+VuBX8g+IPg', can I decode it back to its original text which was '123456'? They are stored as MD5 hashes and you cannot "decode" them as such. IIRCC, what you must do is make an MD5 hash of the password and then compare the two hashes. They should be the same.
The above is not a "pure" MD5 hash [32 character hexadecimal value]; for 123456, it would be e10adc3949ba59abbe56e057f20f883e However, the decrypt function at <http://www.cmd5.org/> does return 123456 for 4QrcOUm6Wau+VuBX8g+IPg Best - Paul