[Koha] Borrowers' password encryption method in database

Paul paul.a at aandc.org
Sun Nov 21 06:23:09 NZDT 2010


At 07:01 AM 11/20/2010 -0500, Chris Nighswonger wrote:
>2010/11/20 Altaf Mahmud 
><<mailto:altaf.mahmud at gmail.com>altaf.mahmud at gmail.com>
>Hi,
>I want to know how Koha saves its borrowers' password in database? Is it 
>one-way conversion? For example, if a password is saved as 
>'4QrcOUm6Wau+VuBX8g+IPg', can I decode it back to its original text which 
>was '123456'?
>They are stored as MD5 hashes and you cannot "decode" them as such. IIRCC, 
>what you must do is make an MD5 hash of the password and then compare the 
>two hashes. They should be the same.

The above is not a "pure" MD5 hash [32 character hexadecimal value]; for 
123456, it would be

e10adc3949ba59abbe56e057f20f883e

However, the decrypt function at <http://www.cmd5.org/> does return 123456 
for 4QrcOUm6Wau+VuBX8g+IPg

Best - Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.katipo.co.nz/pipermail/koha/attachments/20101120/984e3137/attachment.htm 


More information about the Koha mailing list