[Koha] Borrowers' password encryption method in database

Altaf Mahmud altaf.mahmud at gmail.com
Sun Nov 21 07:01:32 NZDT 2010


I found a solution for php:
$str = rtrim (base64_encode (pack ('H*', md5 ('123456'))), '=');

This returns the desired string in 22 characters, rtrim used for discarding
trailing '=' pad characters.

Thanks for the help.

2010/11/20 Paul <paul.a at aandc.org>

>  At 07:01 AM 11/20/2010 -0500, Chris Nighswonger wrote:
>
> 2010/11/20 Altaf Mahmud <altaf.mahmud at gmail.com>
>  Hi,
> I want to know how Koha saves its borrowers' password in database? Is it
> one-way conversion? For example, if a password is saved as
> '4QrcOUm6Wau+VuBX8g+IPg', can I decode it back to its original text which
> was '123456'?
> They are stored as MD5 hashes and you cannot "decode" them as such. IIRCC,
> what you must do is make an MD5 hash of the password and then compare the
> two hashes. They should be the same.
>
>
> The above is not a "pure" MD5 hash [32 character hexadecimal value]; for
> 123456, it would be
>
> e10adc3949ba59abbe56e057f20f883e
>
> However, the decrypt function at <http://www.cmd5.org/> does return 123456
> for 4QrcOUm6Wau+VuBX8g+IPg
>
> Best - Paul
>
> _______________________________________________
> Koha mailing list  http://koha-community.org
> Koha at lists.katipo.co.nz
> http://lists.katipo.co.nz/mailman/listinfo/koha
>
>


-- 
Altaf Mahmud
System Programmer
Ayesha Abed Library
BRAC University
Bangladesh.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.katipo.co.nz/pipermail/koha/attachments/20101121/875de8a0/attachment.htm 


More information about the Koha mailing list