[Koha] Password, hash, bcrypt

robm robmietto at gmail.com
Fri Feb 21 07:22:21 NZDT 2020

Hi Bernardo.

Let me explain because uncode/decode passwords is a sensitive subject. First
of all we know that is impossible reverse the password stored because bcrypt
is a one-way method. My needs is that I have a system, still in use, that
has some tools wroten by myself in php etc. They are to print labels,
meeting room agenda etc.

Me and my staff have access to this program by username & password, but I
would like to validate that access with username & password stored in Koha
db. So, all we would have just one account to manage.

But really thanks for your reply. 


P.S If we use a online Bcrypt generator (e.g.
https://www.browserling.com/tools/bcrypt), and put, like your example,
"clearpass" (using Rounds 8 - 'cause chars 03-05 is "$08" in encrypted
string) we get another result compared with Koha::AuthUtils. Why? Because
Koha has something more (a salt) that goes along with our phrase pass when
creating the hash (crypted string).

Sent from: http://koha.1045719.n5.nabble.com/Koha-general-f3047918.html

More information about the Koha mailing list