Re: How do I decrypt passwords?

Thu, 25 Jan 2007 03:05:43 -0800 

 Andrew & Drew,
 
 May I bring to light an different aspect of password generation : 

        It generates the **same**  "encrypted password" every time. e.g "test" 
may generate "XYXQ1111" . for the next test as password it will also generate 
"XYXQ1111".

        I needed to stop user from registering with standard passwords like 
"test" ; "test123" ; "bharti" etc.  All I had to do is run  the program which 
checks for these "standard generated passwords"  and check with  "generated 
user entered password" in batch or online. It case string matches , stop him 
from completing the process.  I admit it was really dirty hack.

        This is debatable issues - It is feature or bug :)    Ofbiz being Open 
source ; it has far more implication. 
        
         Can password generation be parameterized so the generated password is 
different. 
        
Chand


----- Original Message ----- 
From: "Andrew Sykes" <[EMAIL PROTECTED]>
To: <dev@ofbiz.apache.org>
Sent: Wednesday, January 24, 2007 8:08 AM
Subject: Re: How do I decrypt passwords?


> Drew,
> 
> I believe the encryption is asynchronous, i.e. not reversible.
> 
> - Andrew
> 
> On Wed, 2007-01-24 at 10:33 -0500, Stephens, Drew wrote:
>> I have a question about decrypting passwords from the User_Login table.
>> We need to prepare a file of User ID and passwords to an external
>> system, I think I have found the programming used to encrypt and save
>> the password to the database but I could find not any logic to decrypt
>> the password.  Obviously, if we can't decrypt we can't provide the
>> password.  I don't want to reverse engineer the encryption logic and
>> then write a new decryption logic; I want to use something that already
>> exists.
>>  
>> We are running an old version of OFBIZ, I think 1.1 but I don't remember
>> exactly how to find out for sure.
>>  
>> Thanks for any help you can provide.
>>  
>> 
>> Drew Stephens
>> Rippe & Kingston Systems, Inc. 
>> [EMAIL PROTECTED]
>> Phone: (513) 977-4573 
>> 
>> Visit us at: www.rippe.com 
>> 
>> 1077 Celestial Street, Cincinnati, Ohio 45202-1696
>> 
>> ========================================================================
>> ======= 
>> 
>>  
> -- 
> Kind Regards
> Andrew Sykes <[EMAIL PROTECTED]>
> Sykes Development Ltd
> http://www.sykesdevelopment.com
> 
>

Reply via email to