Hi all, I'm trying to create a custom registration component for Joomla, and I was wondering if anyone knew how to create the correct password encryption for joomla? Joomla passwords look like this :
fbae378704687625a410223a61c66eb1:VM6DwmVWHTwpquDq51ZXjWWADCIc93MR
Which I believe are md5 (or something) and one way encryption? Am just looking for a php code of sorts to create that same encryption.
Cheers
//function to encrypt the string
function encode5t($str)
{
for($i=0; $i<5;$i++)
{
$str=strrev(base64_encode($str)); //apply base64 first and then reverse the string
}
return $str;
}
//function to decrypt the string
function decode5t($str)
{
for($i=0; $i<5;$i++)
{
$str=base64_decode(strrev($str)); //apply base64 first and then reverse the string}
}
return $str;
}
In this function, i’ve encrypted the string 5 times with base64_encode and reversing the string with strrev() and for decrypting 5 times by reversing the string first then applying base64_decode() .
+1 for storing the hash of the password rather than storing the password itself.
To protect against precomputation attacks you should use a random salt. Additionaly it's probably a good idea to use a stronger hashing algorithm such as SHA-256 which I think is supported on PHP. See Secure hash and salt for PHP passwords for more information.
I don't know PHP, but most languages have a library that supports md5 and (and other hashing algorithms) PHP appears to also. I found this:
string md5 ( string $str [, bool $raw_output = false ] )
Calculates the MD5 hash of str using the » RSA Data Security, Inc. MD5 Message-Digest Algorithm, and returns that hash.
Here's an example:
<?php
$password = 'apple';
if (md5($password) === '1f3870be274f6c49b3e31a0c6728957f') {
echo "Password correct";
}
?>
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword("yourpassword", $salt);
$password = $crypt.':'.$salt;
After a bit more searching i found my answer, thanks guys for your help :)