[TYPO3-dev] Re: Getting clear text passwords in authentication service
Elmar Hinz
t3elmar at googlemail.com
Fri May 3 16:19:19 CEST 2013
>
> there is no (algorithmic) way to get the clear-text representation of a
> hashed value. Hashing is a one-way function and thus different from
> encryption (where a decryption exists).
>
What do we conclude from this?
Chris is already rigtht with the idea to validate with the old password algorithim.
1.) user sends login
2.) hash it with the new algorithem and compare with the encrypted password.
3.) if that doesn't match, try the same with the old algorithm.
Elmar
--
* Certified TYPO3 Integrator: https://www.xing.com/profile/Elmar_Hinz | https://github.com/t3elmar
* Stored Procedures form TypoScript: http://docs.typo3.org/typo3cms/extensions/esp/
* Extension Upload from Command-Line: http://t3elmar.github.io/Ext/
More information about the TYPO3-dev
mailing list