export password to plain text

Hi,
Is there a way to decrypt and export user passwords from the users table?

Thanks.

maartenfb
 
Mainio replied:
Hi,

Unfortunately not, like there shouldn't be a way to do this in any software that considers security an important criterion.

This way it's much harder for the hackers to get into your site, leaving just brute force, dictionary and password database attacks as the only possible ways of hacking your users' passwords. (I'm not a software security expert, so I'm not sure if there are other methods.)

The one-way formula for creating the stored user passwords in concrete5 is:
$stored = md5($originalPassword . ':' . PASSWORD_SALT);

And the PASSWORD_SALT constant is a site-specific string you can find in config/site.php.

Antti / Mainio
mkly replied:
@Mainio: Yup, it prevents rainbow attacks, which is the only quick way to discover md5 hashed passwords.
mkly replied:
But on that note, if you export the user passwords (hashed) and then import those hashes into a new concrete5 database (directly into the tables), you can use the same salt in /config/site.php for the new site and it should still work.
maartenfb replied:
OK, thanks for the answers.
I noticed that rainbow didn't work ;-)

The reason I'm asking is that I'm migrating users to another system.
I guess they'll just have to enter a new password on first entrance.

Thanks.
TheRealSean replied:
Like mkly said, if you copy the salt over, all should work. I've done it a couple of times when we changed a server and it worked well.
maartenfb replied:
Thanks, but by another system I actually meant a non-c5 system.
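
Since the hash formula and the salt location are both given in this thread, a non-c5 system can import the hashes unchanged, check them at each user's first login, and re-store the password under a stronger scheme at that moment. The Python below is an added example, not code from the thread or from concrete5; the `users` dict, the salt value, the PBKDF2 parameters and UTF-8 password encoding are assumptions.

```python
import hashlib
import hmac
import os

# Assumption: PASSWORD_SALT copied from the old site's config/site.php.
# This value is constructed for the example.
LEGACY_SALT = "constructed-example-salt"
PBKDF2_ROUNDS = 600_000  # assumption: work factor chosen for the new system


def legacy_c5_hash(password, salt=LEGACY_SALT):
    """md5($originalPassword . ':' . PASSWORD_SALT), as quoted in the thread."""
    return hashlib.md5(f"{password}:{salt}".encode("utf-8")).hexdigest()


def new_hash(password, salt=None):
    """Per-user random salt + PBKDF2-HMAC-SHA256, stored as scheme$salt$digest."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${salt.hex()}${dk.hex()}"


def login(users, name, password):
    """Verify a login; upgrade a legacy hash in place when it matches."""
    stored = users.get(name)
    if stored is None:
        return False
    if stored.startswith("pbkdf2_sha256$"):
        salt = bytes.fromhex(stored.split("$")[1])
        return hmac.compare_digest(new_hash(password, salt), stored)
    # Legacy row imported unchanged from the concrete5 users table.
    if hmac.compare_digest(legacy_c5_hash(password), stored):
        users[name] = new_hash(password)  # the MD5 value is discarded here
        return True
    return False


if __name__ == "__main__":
    users = {"alice": legacy_c5_hash("constructed-passphrase")}  # constructed row
    print(login(users, "alice", "constructed-passphrase"), users["alice"][:14])
```

Accounts that never log in keep their MD5 hash, so a cutoff date after which remaining legacy rows require a reset is a sensible companion to this approach.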