Magento Forum

   
How are user passwords encrypted? 
 
the311guy
Sr. Member
 
Avatar
Total Posts:  120
Joined:  2007-10-18
 

What form of encryption is used for user passwords?
thanks

 
Magento Community Magento Community
Magento Community
Magento Community
 
lazzymonk
Guru
 
Avatar
Total Posts:  391
Joined:  2008-04-03
England
 

i believe they are just converted to an md5 hash.

Anyone that knows better feel free to correct me.

 
Magento Community Magento Community
Magento Community
Magento Community
 
alistek
Sr. Member
 
Total Posts:  293
Joined:  2008-04-02
Normal, IL
 

It uses the mcrypt php extension.  Here is code that would decrypt your encrypted text (not using Magento’s system).

<?php
    
/* Data */
    
$key 'key';
    
$encrypted 'encryptedtext';

    
/* Open module, and create IV */
    
$td mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,'');
    
$iv mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);


    
mcrypt_generic_init($td$key$iv);
    
    
$decrypted mdecrypt_generic($tdbase64_decode($encrypted));
    echo 
$decrypted;
?>

-Adam

 
Magento Community Magento Community
Magento Community
Magento Community
 
Moshe
Magento Team
 
Avatar
Total Posts:  1770
Joined:  2007-08-07
Los Angeles
 

@alistek: actually lazzymonk is correct, all security data which does not require decryption is hashed used salted md5. This includes customers and admin passwords.

encryption (mcrypt) is used for data that will need to be decrypted, such as payment / shipment gateways credentials and credit card numbers for Saved CC payment method.

 
Magento Community Magento Community
Magento Community
Magento Community
 
alistek
Sr. Member
 
Total Posts:  293
Joined:  2008-04-02
Normal, IL
 

Ah good to know, I didn’t know the distinction.  Thanks!

-Adam

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
    Back to top