can u see users passwords?

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
BsK_sToRm
Registered User
Posts: 24
Joined: Sun Aug 18, 2002 1:51 pm

can u see users passwords?

Post by BsK_sToRm »

just a question if its possible to see users passwords (when ur the admin obviously)
plz reply
thanks
-phpbb newbie-

User avatar
Darlof
Former Team Member
Posts: 7111
Joined: Wed Jul 10, 2002 7:53 pm
Location: AR, USA
Name: Darrell
Contact:

Post by Darlof »

not possilbe

ZoliveR
Former Team Member
Posts: 11899
Joined: Sun Jul 14, 2002 7:36 pm
Location: floating in the light, never forgotten

Post by ZoliveR »

Yes the passwords are thus crypted unless being super pro in cryptanalyse and to know the algorithm, you cannot see the passwords of your members (or other members in others boards)
No more Team Chocolate Member. I decided to leave, it's my choice. Thanks to all for all these years.
I'm always near if you need news of me. But no more support is given (private notification disabled)

R. U. Serious
Registered User
Posts: 830
Joined: Mon Feb 11, 2002 2:07 pm

Post by R. U. Serious »

ZoliveR wrote: unless being super pro in cryptanalyse and to know the algorithm, you cannot see the passwords of your members


Actually you don't have to be a pro, you just have to have a loooot of time and processing time. :mrgreen: ;)

To answer BsK_sToRm's question: No, not possible. ;)

zylander
Registered User
Posts: 87
Joined: Thu Jul 18, 2002 5:37 am
Location: San Francisco, CA

Post by zylander »

but you can change their passwords :D

Ashe
Former Team Member
Posts: 642
Joined: Sun Jul 08, 2001 11:38 am

Post by Ashe »

R. U. Serious wrote: Actually you don't have to be a pro, you just have to have a loooot of time and processing time.


But how will you know you found the real password and not a different string sharing the same hash? :lol:

R. U. Serious
Registered User
Posts: 830
Joined: Mon Feb 11, 2002 2:07 pm

Post by R. U. Serious »

Ashe wrote: But how will you know you found the real password and not a different string sharing the same hash? :lol:


Well...erm...if it looks like a password, smells like a password and works like a password, then does it make a sound when it falls and nobody is there to hear it? I'd say yes; at least on mondays! :roll: :P :wink:

edit: But, ok, you are absolutely right, if the user is lazy enough to use the same password on different sites, it is a good thing, one cannot really find the original password.
Even though with my luck, all my different passwords for different sites probably have the same MD5-hash...

zoid
Registered User
Posts: 743
Joined: Fri Oct 12, 2001 6:29 am
Location: $SCRIPT_NAME
Contact:

Post by zoid »

This question has been asked already some times and here are the particular threads.

http://www.phpbb.com/phpBB/viewtopic.php?t=8731
http://www.phpbb.com/phpBB/viewtopic.php?t=14229

The password cannot be decrypted, because it is not even encrypted :). phpbb generates a hash (a unique number) of the password and stores it. Upon logging in, phpbb generates once again a hash of the entered password and compares it to the stored one. If it matches, the password was correct.

Anyway, to answer Ashe's question, it is quite unlikely that another string has the same hash as the one of the password, however if there would be one you could actually login with the "wrong" password.

Alexander
Whatever you want to know, please do a Image Search before asking :).

Run your own Chatcommunity
>> PINO - Client/Server Chat for Windows <<

Archvile
Registered User
Posts: 6
Joined: Mon Aug 19, 2002 11:31 am
Location: Warsaw, Poland
Contact:

see user passwords...

Post by Archvile »

Hi... so, my first post :)

Did you think about intercepting mails which comes to everyone with his/her passwords? It's very easy ;)
But of course... it works only during registering process, probably it is impssible to recover mails of old users.

But another chance - sniff HTTP connection (plain text... unless you use https), when user is logging in... :mrgreen:

Greetings
Archvile

ZoliveR
Former Team Member
Posts: 11899
Joined: Sun Jul 14, 2002 7:36 pm
Location: floating in the light, never forgotten

Post by ZoliveR »

BsK_sToRm, I raise questions, why want to see the passwords of the users? They are with them and they belong to them. If a member forgot his password then it will have it via email. Thus the only thing that you can make is to change address email of the member by yours and to click on the link "I've forget my password" But I raise and raise the question: Which interest to want to have the password of the member??? (I hope that I expressed myself well...)
No more Team Chocolate Member. I decided to leave, it's my choice. Thanks to all for all these years.
I'm always near if you need news of me. But no more support is given (private notification disabled)

Locked

Return to “2.0.x Support Forum”