php cake passwords

Status
Not open for further replies.

Trusts

Programmer
Feb 23, 2005
268
US
Hi,

I am taking over a web site built on PHPCake, and the goal is to get it off cake. I can reproduce all functionality simply by going through the processes a user and the admin would take. I have the database and all the data.

The one thing I need to do is to decrypt the passwords. The owner and I have talked this over and although we agree we could ask all users to help us with this, it would be a tedious process.

Given that I have all the encrypted passwords, and some of the decrypted equivalents - is it possible to figure out the algorithm that creates the encryption?

I know it sounds scary or like a no-no, but I am only trying to be efficient with a project handed over to me after some newbies and wannabes made a mess of the whole thing.

Anything I do is already on a dev/test box so there is no harm to the production system. There are about 200 users and asking them for their passwords - doesn't seem great. We will do that if necessary but hoping to just figure out a decrypt scheme. The new platform will not be Cake and will not follow its methods.

Thanks,
KB
 
why can you not derive the encryption algorithm from the original code?

alternatively if you are willing to provide one decrypted and encrypted variant then i can tell you whether it uses any one of the common algorithms.
 
one other alternative, do you capture the email address of each user? if so then you could create a process that, next time the user logs in, you accept any password at all, but require them to go through a challenge process with an automatically issued password sent to their email address.

but i think it very likely that we'll be able to help with the earlier method.
 
Hi jpadie,

I am not too familiar with cake and don't know where to find the encryption algorithm. Do you know where I should look?
 
it won't be a cake thing. it will be a method in the registration process.

as said, i might be able to help if you let me have a password in its encrypted and unencrypted form. this should not be a security breach in itself as there is no username attached to the password.

 
Sure,

8d788385431273d11e8b43bb78f3aa41
is teacher

and

7d8bc5f1a8d3787d06ef11c97d4655df
is taylor

 
as suspected, the encryption is just md5. more of an encoding than an encryption.

you cannot decrypt the pwd (ish). but when you test the password match you should do so with the md5 hash of the password.

so something like this

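Code:
// Hash the submitted password with md5() and compare it to the stored hash;
// the stored value is never decrypted.
$query = "
   SELECT count(*)
   FROM usertable
   WHERE
     username = '" . mysql_real_escape_string($_POST['username']) . "'
     AND
     pwd = '" . mysql_real_escape_string(md5($_POST['pwd'])) . "'";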

hope that helps!
 
The newbies and wannabes actually used a pretty standard method for login authentication.

You don't need to decrypt anything, just compare hashes as jpadie says.

--
<honk>*:O)</honk>

Tyres: Mine's a pint of the black stuff.
Mike: You can't drink a pint of Bovril.
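
The hash comparison described in this thread, carried one step further for the move to a new platform, as an added example that is not part of the original posts: each account is checked against its stored MD5 value and, on a successful login, re-stored with PHP's `password_hash()`, so no password is ever decrypted or requested from users. The function names `login()` and `isLegacyMd5()`, the in-memory `$users` array standing in for `usertable`, and the sample account `kb` are assumptions constructed for illustration.

```php
<?php
// Added example; login(), isLegacyMd5() and $users are hypothetical names.
// Constructed sample row: a legacy account whose pwd value is an unsalted MD5 hex digest.
$users = [
    'kb' => ['pwd' => md5('teacher')],
];

function isLegacyMd5(string $stored): bool
{
    // Legacy values are exactly 32 hex characters; password_hash() output starts with '$'.
    return preg_match('/^[0-9a-f]{32}$/i', $stored) === 1;
}

function login(array &$users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $stored = $users[$username]['pwd'];

    if (isLegacyMd5($stored)) {
        // Compare hashes in constant time; the plaintext is never recovered.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return false;
        }
        // The correct password is in hand right now: replace the MD5 value
        // with a salted, deliberately slow hash.
        $users[$username]['pwd'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Follow future changes to PASSWORD_DEFAULT or its cost setting.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$username]['pwd'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Demo: a wrong password, the correct password (upgrades the row),
// a check of the row format, then a login against the upgraded row.
var_dump(login($users, 'kb', 'wrong'));
var_dump(login($users, 'kb', 'teacher'));
var_dump(isLegacyMd5($users['kb']['pwd']));
var_dump(login($users, 'kb', 'teacher'));
```

With a real table, the `pwd` column has to be widened before the first upgrade, since `password_hash()` output is longer than 32 characters (the PHP manual recommends 255).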


 