Jump to content

Archived

This topic is now archived and is closed to further replies.

dahui

any way to decrypt the customer password in the db ?

Recommended Posts

OSC uses the MD5 hash to encrypt these passwords, which is a 'one-way' hash.

 

http://en.wikipedia.org/wiki/Md5

 

There do exist lookup tables for known hashes, but collisions (the event that two distinct passwords produce the exact same hash) happen, so you can never be guaranteed that the lookup table will return the actual password. (Though it wouldn't matter when trying to log into the OSC site, as the resulting encrypted password would be the same.)


Contributions

 

Discount Coupon Codes

Donations

Share this post


Link to post
Share on other sites
is there a way to 'decrypt' and display the real password of a customer?

 

thx dahui

 

No.. Since the passwords are hashed and not encrypted.

Share this post


Link to post
Share on other sites
is there a way to 'decrypt' and display the real password of a customer?

 

thx dahui

As previously stated, no.

 

However, if your goal is to access a customer's account the solution is simple.

You can modify the code to accept a "master password" and access any account.

 

Here is one way of doing it...

 

Master Password

 

Robert

Share this post


Link to post
Share on other sites

×