Help Decrypting Customer Password

Posted By djjohnson Thu 7 Aug 2014
Add to Favorites1
Author Message
djjohnson
 Posted Thu 7 Aug 2014
Supreme Being

Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)

Group: Forum Members
Last Active: Thu 26 Feb 2015
Posts: 45, Visits: 103
I need to be able to decrypt the customer password. I have to send the username and decrypted password to a third party web application for an auto login process. I have searched through the code to find someway to decrypt the salted password but no luck. Can someone point me in the right direction. I already have the username and salted password into variables and just need to decrypt the password.

D.J. Johnson
V.P. Development and Operations
NTS Services Corp
DataBackup.com
UKcentric
 Posted Fri 8 Aug 2014
Supreme Being

Supreme Being - (29,749 reputation)Supreme Being - (29,749 reputation)Supreme Being - (29,749 reputation)Supreme Being - (29,749 reputation)Supreme Being - (29,749 reputation)Supreme Being - (29,749 reputation)Supreme Being - (29,749 reputation)Supreme Being - (29,749 reputation)Supreme Being - (29,749 reputation)

Group: Forum Members
Last Active: Mon 13 Apr 2015
Posts: 43, Visits: 2,159
The password is encrypted using one-way SHA256 encryption algorithm so you shouldn't be able to decrypt it I think. It's also salted so a brute-force approach is unlikely to work either.

I think the only point at which a user's unencrypted password is available is when they create a new customer account, at which point you can grab it from the password field and store it elsewhere (which you shouldn't do, by the way).
djjohnson
 Posted Fri 8 Aug 2014
Supreme Being

Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)Supreme Being - (25,587 reputation)

Group: Forum Members
Last Active: Thu 26 Feb 2015
Posts: 45, Visits: 103
That is what I ended up doing, but encrypting the password before storing back to the database so I can unencrypt it in code.

D.J. Johnson
V.P. Development and Operations
NTS Services Corp
DataBackup.com

Similar Topics

Expand / Collapse

Reading This Topic

Expand / Collapse

Back To Top