#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2000
    Location
    Hillsboro, OR, USA
    Posts
    12
    Rep Power
    0
    Hi.
    I was having trouble emailing an encrypted password. The password is stored with the password option so it gets encrypted. I then lookup the password and email it using php3, but the password shows as encrypted. How do you decrypt it? I tried playing with the decrypt command but with no luck.
    Any help is appreciated.
    Tim
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 1999
    Location
    Annapolis, Maryland US
    Posts
    113
    Rep Power
    16
    Are you using MySQL's password() function to encrypt the password? If so, I don't believe you'll be able to decrypt it for obvious security reasons. Try using PHP's encrypt() function before storing it in the database and use the complementary PHP decrypt() function when pulling it out of the database.
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2000
    Location
    Hillsboro, OR, USA
    Posts
    12
    Rep Power
    0
    Originally posted by Kyuzo:
    [B]Are you using MySQL's password() function to encrypt the password? If so, I don't believe you'll be able to decrypt it for obvious security reasons. Try using PHP's encrypt() function before storing it in the database and use the complementary PHP decrypt() function when pulling it out of the database.[/B

    What is the purpose of the MySQL's password function if you can not ever decrypt it?
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 1999
    Location
    Annapolis, Maryland US
    Posts
    113
    Rep Power
    16
    From the MySQL manual...

    PASSWORD(str)
    Calculates a password string from the plaintext password str. This is the function that is used for encrypting MySQL
    passwords for storage in the Password column of the user grant table.

    mysql> select PASSWORD('badpwd');
    -> '7f84554057dd964b'

    PASSWORD() encryption is non-reversible. PASSWORD() does not perform password encryption in the same way that
    Unix passwords are encrypted. You should not assume that if your Unix password and your MySQL password are the
    same, PASSWORD() will result in the same encrypted value as is stored in the Unix password file. See ENCRYPT().

    If you could decrypt this, you might be able to decrypt user passwords from the mysql db.
  8. #5
  9. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2000
    Location
    Hillsboro, OR, USA
    Posts
    12
    Rep Power
    0
    Thanks, that makes a lot of sense.

    I am using trying to write a php file that will email the user their password if they forgot it. It goes along with Neoboard message board. I looked and they encrypt it like this:
    $userpassword = crypt($userpassword,'.v');

    I tried to decript it like this:
    $userpassword2 = (decrypt($userpassword,'.v'));

    And got this error:

    Fatal error: Call to unsupported or undefined function decrypt() in /export/home/dmiller/public_html/neoboard/forgot2.php3 on line 54

    Any suggestions?
    Thanks again

  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 1999
    Location
    Annapolis, Maryland US
    Posts
    113
    Rep Power
    16
    crypt() uses a one-way algorithm that can't be decrypted anyway, so it wouldn't have mattered. I checked a PHP book that I had and it spoke of encrypt() and decrypt() being complementary pairs but I did a small test and got the same error you did "unsupported function...blah blah.."

    Another alternative - use MySQL's encode() and decode() functions for storing and retrieving, respectively. The key is that the column must be a blob type for holding binary data which is what is returned from the encode function.

    Quick example.....

    one column table with pass as blob type

    %insert into table values(encode('captain', 'kangaroo')); // captain is actual password and kangaroo is the password string

    %select decode(pass, 'kangaroo') from table

    hope it helps

    Kyuzo
  12. #7
  13. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2000
    Location
    Gorakhpur,U.P.,India
    Posts
    24
    Rep Power
    0
    In continuation to this interesting discussion i would like to know whether it is possible to encrypt a string on the client side using JavaScript and decrypt it on the server side using PHP.

    Pls Help...

    Thanks in advance..



    ------------------
    Anish Modi
    Infotech World
    India
  14. #8
  15. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2000
    Location
    durham, nc, usa
    Posts
    14
    Rep Power
    0
    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by tim miller:
    <snip>

    I am using trying to write a php file that will email the user their password if they forgot it. It goes along with Neoboard message board. <snip>
    [/quote]

    Tim,

    Typically, unless you have a reason to access the user's account AS THE USER, it is not really desirable for you to store the password at all. When a user forgets his or her password, I typically generate a brand new one for them and reset their old password password using an account with appropriate grants. You will find this to be generally more secure and carry lower overhead.

    Best regards,

    Jim

  16. #9
  17. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2000
    Location
    durham, nc, usa
    Posts
    14
    Rep Power
    0
    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by amodi:
    In continuation to this interesting discussion i would like to know whether it is possible to encrypt a string on the client side using JavaScript and decrypt it on the server side using PHP.

    Pls Help...

    Thanks in advance..


    [/quote]

    What are you using to encrypt on the Java side? If you are using JCE 1.2, it shares encryption methods with the m_crypt library in php. Haven't tried what you're doing, but if the methods are implemented correctly and you're using the same keys, you should not have a problem.

    Additionally, I believe there are PGP encryption routines available for both PHP and java. You can send your public key for encryption and unencrypt using a private key which you control. This may be a good alternative for you.

Similar Threads

  1. password generation on user auth.
    By nacho_c in forum PHP Development
    Replies: 14
    Last Post: January 16th, 2004, 05:55 AM
  2. Replies: 1
    Last Post: January 7th, 2004, 07:41 PM
  3. pass password to perl encrypted...help!
    By musiciscrack in forum Web Design Help
    Replies: 0
    Last Post: December 26th, 2003, 04:14 AM
  4. Command Producing Encrypted Password
    By epanagio in forum Linux Help
    Replies: 1
    Last Post: December 19th, 2003, 09:36 PM
  5. store username and encrypted password in the DB
    By yashi in forum Apache Development
    Replies: 4
    Last Post: October 2nd, 2003, 04:32 PM

IMN logo majestic logo threadwatch logo seochat tools logo