| Author |
 Topic Search  Topic Options
|
fletch1200 
Newbie
Joined: 08 July 2004
Status: Offline
Points: 3
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: Converting forum from encrypted passwords
Posted: 08 July 2004 at 12:38pm |
Hello,
I have an existing forum that uses encrypted passwords that I would like to convert to using unencrypted passwords for integration reasons. I have loaded the unencrypted passwords from an existing DB and set the blnEncryptedPasswords=false in the two common.asp files, but this does not seem sufficient to complete the transition. Is it possible to do this conversion with an existing forum, and if so what am I missing?
Thank you for your help!
Regards
|
 |
Str8Dog
Senior Member
Joined: 18 December 2001
Location: United States
Status: Offline
Points: 2118
|
Post Options
Thanks(0)
Quote Reply
Posted: 09 July 2004 at 10:16am |
|
Honestly, no. WWF uses a one way hash function to encrypt passwords. This means that the password the user gives is put throught a mathmatical computation that is irreversible, the result of that computation is then stored in the database.
You will need to notify your users that you are switching and they will need to use the automated password recovery tool to generate a new password. Given enough warning, your users will hopefully not mind.
|
|
|
|
fletch1200
Newbie
Joined: 08 July 2004
Status: Offline
Points: 3
|
Post Options
Thanks(0)
Quote Reply
Posted: 09 July 2004 at 10:46am |
Str8Dog,
Thank you for your reply. The problem I still have is that I've made the changes to common.asp (both) but when I create a new user it still creates encrypted passwords in the DB. Is there another setting or file that I need to change to stop that behavior?
|
|
dpyers
Senior Member
Joined: 12 May 2003
Status: Offline
Points: 3937
|
Post Options
Thanks(0)
Quote Reply
Posted: 09 July 2004 at 11:11am |
It sounds like he already has a list of unencrypted passwords for his users and just want to replace the encryped ones with the unencrypted ones after turning off encryption.
He's not trying to decypher the current encrpted ones.
I would think you could do it, but you might have to set the registration confirmed indicator as well.
When you say that your process this does not seem sufficient, what does that mean? What happens?
|
Lead me not into temptation... I know the short cut, follow me.
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 09 July 2004 at 11:49am |
 fletch1200 wrote:
Str8Dog,
Thank you for your reply. The problem I still have is
that I've made the changes to common.asp (both) but when I create a new
user it still creates encrypted passwords in the DB. Is there
another setting or file that I need to change to stop that behavior? |
Turning off encrypted passwords has not been fully tested yet so for
this reason and to maintain security in your forum it is not
recommended that you turn off encrypted passwords.
|
|
|
|
fletch1200
Newbie
Joined: 08 July 2004
Status: Offline
Points: 3
|
Post Options
Thanks(0)
Quote Reply
Posted: 09 July 2004 at 11:53am |
dpyers,
It still puts encrypted passwords in the DB when I create new users.
BTW I'm on 7.9/SQL
|
|
rocketdawg
Newbie
Joined: 03 August 2004
Status: Offline
Points: 17
|
Post Options
Thanks(0)
Quote Reply
Posted: 16 August 2004 at 1:32pm |
I just had the same problem.
Register.asp
line 830
'Generate new salt
' strSalt = getSalt(Len(strPassword))
On updating the password once the encryption was turned off, this line needs to be commented out. End of problem. No more encryped insertions.
I have no idea if that is the correct method, but it worked for me.
|
|
