[Koha] Borrowers' password encryption method in database
Paul
paul.a at aandc.org
Sun Nov 21 06:23:09 NZDT 2010
At 07:01 AM 11/20/2010 -0500, Chris Nighswonger wrote:
>2010/11/20 Altaf Mahmud
><<mailto:altaf.mahmud at gmail.com>altaf.mahmud at gmail.com>
>Hi,
>I want to know how Koha saves its borrowers' password in database? Is it
>one-way conversion? For example, if a password is saved as
>'4QrcOUm6Wau+VuBX8g+IPg', can I decode it back to its original text which
>was '123456'?
>They are stored as MD5 hashes and you cannot "decode" them as such. IIRCC,
>what you must do is make an MD5 hash of the password and then compare the
>two hashes. They should be the same.
The above is not a "pure" MD5 hash [32 character hexadecimal value]; for
123456, it would be
e10adc3949ba59abbe56e057f20f883e
However, the decrypt function at <http://www.cmd5.org/> does return 123456
for 4QrcOUm6Wau+VuBX8g+IPg
Best - Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.katipo.co.nz/pipermail/koha/attachments/20101120/984e3137/attachment.htm
More information about the Koha
mailing list