Help Decrypting Customer Password


https://forum.kartris.com/Topic3233.aspx
Print Topic | Close Window

By djjohnson - Thu 7 Aug 2014
I need to be able to decrypt the customer password. I have to send the username and decrypted password to a third party web application for an auto login process. I have searched through the code to find someway to decrypt the salted password but no luck. Can someone point me in the right direction. I already have the username and salted password into variables and just need to decrypt the password.
By UKcentric - Fri 8 Aug 2014
The password is encrypted using one-way SHA256 encryption algorithm so you shouldn't be able to decrypt it I think. It's also salted so a brute-force approach is unlikely to work either.

I think the only point at which a user's unencrypted password is available is when they create a new customer account, at which point you can grab it from the password field and store it elsewhere (which you shouldn't do, by the way).
By djjohnson - Fri 8 Aug 2014
That is what I ended up doing, but encrypting the password before storing back to the database so I can unencrypt it in code.