forum.coppermine-gallery.net
Support => Older/other versions => cpg1.2 Standalone Support => Topic started by: Chefkochx on January 22, 2004, 03:14:50 pm
-
If got a question to the bridges.
in my Coppermine tables (standalone) I can see all passwords of users.
But when I look in my phpnuke -> nuke_users, the passwords are encrypted.
My question is: Is it possible that Coppermine has the ability, to decode the password lines of phpnuke? I can't belive it that CPM can use nuke_users
Can you help me?
Chefkoch
-
Coppermine stores passwords in plaintext - nuke does not.
Coppermine cannot (nor does it) decrypt passwords - it simply does not encrypt them which is why you can read them.
Here's a way to modify the code to encrypt the passwords - makes it a bit more secure.
http://forum.coppermine-gallery.net/index.php?topic=2179
-
cool
I will check it
Is it the same encryption like in phpnuke
I will combine my phpnuke on one space and coppermine on another space. So I have to add my "new users" manually in the user table in CPM Standalone. So problem is that i can`t read the passwords of my users because they are encrypted :-(
besides
is it possible to decrypt all passwords of my users in phpnuke?
-
cool
I will check it
Is it the same encryption like in phpnuke
I will combine my phpnuke on one space and coppermine on another space. So I have to add my "new users" manually in the user table in CPM Standalone. So problem is that i can`t read the passwords of my users because they are encrypted :-(
Well I looked at phpnuke about a year ago but not in too much detail. It probably uses MD5 encryption (like the link I posted) so they might be compatible but you'd have to try it (just apply the hack and then try putting a phpnuke pass in there and logging on) or ask someone who knows phpnuke better.
besides
is it possible to decrypt all passwords of my users in phpnuke?
Wouldn't that defeat the purpose of encrypting them in the first place? ;)
The theory is that instead of knowing the password you take a password and encrypt it and compare the 2. If they match then its the right password - but this way if someone compromises your database they can't really steal any user's passwords (and prevents unscrupulous admins from trying to use someone's password to get their mail in the case where the user uses the same password for everything).
-
Terragen's right: MD5 is a "one-way algorythm": it "converts" a plain-text (password) string to some encrypted string, so you can compare the encrypted bits, but there's no "way back" - you can't decrypt MD5-passwords.
GauGau
-
aha
I've testet the MD5 Passwords on my CPM and I've seen that it was encrypted very fasten. When CPM can encrypt passwords so fast, then it must exist a programm which can it decrypt in the same speed (else user have to wait very long by there login). I think this would be interesting.
-
the passwords are *never* decrypted, read what the people above just said :roll:
-
@Nibbler: Thanks :D
@Chefkochx: hiermit erhälst Du die "gelbe Karte" :x (*gaugau utters warning in German*)...
GauGau