ProjeQtOr free project management software - how password are encrypted - ProjeQtOr
 

how password are encrypted

25 Jun 2019 09:45 #1 by sogeti
Hi,

I'm searching for how passwords are encrypted in the table [resource], column [password] in the projeqtor database (md5, sha256...)

Could you help me ?

Benjamin

25 Jun 2019 11:58 #2 by babynus
They are encrypted in a non-bijective way: you cannot decrypt passwords.
To check a password, we encrypt the password given by the user with the same method and compare the result with the stored encrypted value (it is the same process as for credit card codes).

Babynus
Administrator of ProjeQtOr web site

25 Jun 2019 13:59 #3 by sogeti
Thanks for your reply.
By way of explanation: we want to create a new application using information from the report view (work planned, work imputed...) and use the login/password in the projeqtor database.
This is why we want to use the same encryption method.

25 Jun 2019 15:46 #4 by Envergus
MD5

25 Jun 2019 16:24 #5 by babynus

Envergus wrote: MD5

No, not so easy.
It is sha256 encryption of the password with an extra "salt" (a random key stored on the user to reduce the efficiency of brute-force attacks).

$this->password=hash('sha256',$paramDefaultPassword.$this->salt);


Babynus
Administrator of ProjeQtOr web site
The following user(s) said Thank You: Envergus

25 Jun 2019 23:44 #6 by gohrner
How about a future switch to the secure password hashing and verification functions PHP now offers?

secure.php.net/manual/en/function.password-hash.php
secure.php.net/manual/en/function.password-verify.php

This will be significantly more secure, as sha256 hashes can be computed comparatively quickly on modern graphics cards, making it possible to break even non-trivial salted passwords just by brute-forcing them.

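An added example, not part of the thread and not ProjeQtOr code: one way to check a login against the salted sha256 value quoted in post #5 and move the account to password_hash() on the first successful login, as post #6 suggests. The row layout (`password` and `salt` keys), the function names and the sample data are assumptions made for the illustration.

```php
<?php
// Added example. legacyHash() mirrors the line quoted in the thread:
// hash('sha256', $password . $salt). Everything else is hypothetical.

function legacyHash(string $password, string $salt): string {
    return hash('sha256', $password . $salt);
}

/**
 * Verify $candidate against a user row and upgrade the stored hash on success.
 * Returns [bool $ok, array $row]; the caller persists $row when it changed.
 */
function verifyAndUpgrade(array $user, string $candidate): array {
    $stored = (string) $user['password'];

    // password_get_info() reports an empty 'algo' (null or 0, depending on
    // the PHP version) for strings that password_hash() did not produce.
    if (!empty(password_get_info($stored)['algo'])) {
        if (!password_verify($candidate, $stored)) {
            return [false, $user];
        }
        // Re-hash when PHP's default algorithm or cost has moved on.
        if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            $user['password'] = password_hash($candidate, PASSWORD_DEFAULT);
        }
        return [true, $user];
    }

    // Legacy row: constant-time comparison of the salted sha256 value.
    if (!hash_equals($stored, legacyHash($candidate, (string) $user['salt']))) {
        return [false, $user];
    }
    // The plaintext is only available now, so this is the moment to upgrade.
    $user['password'] = password_hash($candidate, PASSWORD_DEFAULT);
    $user['salt'] = null; // password_hash() embeds its own random salt
    return [true, $user];
}

// Constructed sample row, not real data.
$salt = bin2hex(random_bytes(16));
$row  = ['name' => 'demo', 'salt' => $salt,
         'password' => legacyHash('correct horse', $salt)];

[$ok, $row] = verifyAndUpgrade($row, 'wrong guess');   // legacy row, bad password
var_dump($ok);
[$ok, $row] = verifyAndUpgrade($row, 'correct horse'); // legacy row, upgraded here
var_dump($ok, password_get_info($row['password'])['algoName']);
[$ok, $row] = verifyAndUpgrade($row, 'correct horse'); // now handled by password_verify()
var_dump($ok);
```

Accounts that never log in again keep their sha256 value, and any second application reading the same table, like the one described in post #3, has to accept both formats during the transition.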