Passwords Passwords
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Passwords

Started by Chefkochx, January 22, 2004, 03:14:50 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Chefkochx

If got a question to the bridges.
in my Coppermine tables (standalone) I can see all passwords of users.
But when I look in my phpnuke -> nuke_users, the passwords are encrypted.
My question is: Is it possible that Coppermine has the ability, to decode the password lines of phpnuke? I can't belive it that CPM can use nuke_users
Can you help me?

Chefkoch

Terragen

Coppermine stores passwords in plaintext - nuke does not.

Coppermine cannot (nor does it) decrypt passwords - it simply does not encrypt them which is why you can read them.

Here's a way to modify the code to encrypt the passwords - makes it a bit more secure.

http://forum.coppermine-gallery.net/index.php?topic=2179

Chefkochx

cool
I will check it
Is it the same encryption like in phpnuke
I will combine my phpnuke on one space and coppermine on another space. So I have to add my "new users" manually in the user table in CPM Standalone. So problem is that i can`t read the passwords of my users because they are encrypted :-(

besides
is it possible to decrypt all passwords of my users in phpnuke?

Terragen

Quote from: "Chefkochx"cool
I will check it
Is it the same encryption like in phpnuke
I will combine my phpnuke on one space and coppermine on another space. So I have to add my "new users" manually in the user table in CPM Standalone. So problem is that i can`t read the passwords of my users because they are encrypted :-(

Well I looked at phpnuke about a year ago but not in too much detail. It probably uses MD5 encryption (like the link I posted) so they might be compatible but you'd have to try it (just apply the hack and then try putting a phpnuke pass in there and logging on) or ask someone who knows phpnuke better.

Quotebesides
is it possible to decrypt all passwords of my users in phpnuke?

Wouldn't that defeat the purpose of encrypting them in the first place? ;)



The theory is that instead of knowing the password you take a password and encrypt it and compare the 2. If they match then its the right password - but this way if someone compromises your database they can't really steal any user's passwords (and prevents unscrupulous admins from trying to use someone's password to get their mail in the case where the user uses the same password for everything).

Joachim Müller

Terragen's right: MD5 is a "one-way algorythm": it "converts" a plain-text (password) string to some encrypted string, so you can compare the encrypted bits, but there's no "way back" - you can't decrypt MD5-passwords.

GauGau

Chefkochx

aha
I've testet the MD5 Passwords on my CPM and I've seen that it was encrypted very fasten. When CPM can encrypt passwords so fast, then it must exist a programm which can it decrypt in the same speed (else user have to wait very long by there login). I think this would be interesting.

Nibbler

the passwords are *never* decrypted, read what the people above just said  :roll:

Joachim Müller

@Nibbler: Thanks :D

@Chefkochx: hiermit erhälst Du die "gelbe Karte" :x (*gaugau utters warning in German*)...

GauGau