On 5/22/08, Nelson Serafica <[EMAIL PROTECTED]> wrote:
>
> I'll be transferring users to other server and need the password to create
> them. I believe shadow is one way round so there's no chance to decrypt it.
> I have created a script so it will be a snap once I have the password. When
> adding a user, password was also recorded in mysql database but the password
> is encrypted.
> Since encryption was done in mysql, I'm thinking if there's a way to
> decrypt.

mysql's encrypt() calls the unix crypt() function... crypt() is a one-way
hash and a symmetric cryptography.. as far as I know there is no known
formula to decrypt it, unlike with asymmetric cryptography where the
public key encrypts the payload and the private key decrypts it, or vice
versa....

the only way to get the encrypted password is to use the brute-force
algorithm by trying all the possible combinations... since using the
normal crypt() function is only significant up to 8 characters and the
rest are ignored... you have 256 ^ 8 possible combinations for worst
case scenario and 94 ^ 8 for average combinations.. (94 characters
found on the keyboard)... if you have N processors to spare and divide
the load (eg. 94 ^ 8 / N).. it won't take that long to find that
password key.. but if you have lots of users in there... it will take
more of your time..

on the other hand... you said transferring the user on the other
server.. why not use that mysql database for centralized
authentication?

but if you still insist on having a clear text password in an easy
way... $data[5] is already clear text... every time a user
authenticates, it sends the clear text password and your
authentication database encrypts it and compares it to the stored
encrypted value in your database to see if it is equal or not... with that,
have a clear text password copy for every successful authentication in
a separate column, and once that column is filled in by your users... you
can start designing a higher security with that clear text password...

fooler.
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
