Foren

RE: Password Decryption

thumbnail
Jignesh Vachhani, geändert vor 12 Jahren.

Password Decryption

Liferay Master Beiträge: 803 Beitrittsdatum: 10.03.08 Neueste Beiträge
Hi Everyone,

I want to decrypt all user passwords from md5 format.
I want it in plain text .

As per my knowledge decryption doesn't support in liferay for security purpose.
If anyone have idea, how can we do that ? then please share it .
thumbnail
jelmer kuperus, geändert vor 12 Jahren.

RE: Password Decryption

Liferay Legend Beiträge: 1191 Beitrittsdatum: 10.03.10 Neueste Beiträge
MD5 hashes are designed to be non reversible. Do there is no easy way to reliably obtain the plain text passwords (other than brute force or dictionary attacks)
thumbnail
Jignesh Vachhani, geändert vor 12 Jahren.

RE: Password Decryption

Liferay Master Beiträge: 803 Beitrittsdatum: 10.03.08 Neueste Beiträge
Thanks Jelmer,

I was looking for this final answer only as i was little bit confused.
Once again thanks a lot for your reply.
thumbnail
Mazhar Alam, geändert vor 12 Jahren.

RE: Password Decryption

Regular Member Beiträge: 191 Beitrittsdatum: 25.11.11 Neueste Beiträge
Hi Jignesh,

You can set in portal-ext.properties to access your passwords-

passwords.encryption.algorithm=NONE

Regards
thumbnail
Hitoshi Ozawa, geändert vor 12 Jahren.

RE: Password Decryption

Liferay Legend Beiträge: 7942 Beitrittsdatum: 24.03.10 Neueste Beiträge
passwords.encryption.algorithm=NONE


This will store your password in plain text. This means your db admin would be able to see all including admin's password.
Also, be aware that you have to set this before you first startup Liferay because changing password encryption may result in not being able to login.
thumbnail
Mazhar Alam, geändert vor 12 Jahren.

RE: Password Decryption

Regular Member Beiträge: 191 Beitrittsdatum: 25.11.11 Neueste Beiträge
I agree that the passwords changes into plain text.

Is there any means to fetch the Password from the database table of any respective user.?

Thanks in advance
thumbnail
Hitoshi Ozawa, geändert vor 12 Jahren.

RE: Password Decryption

Liferay Legend Beiträge: 7942 Beitrittsdatum: 24.03.10 Neueste Beiträge
After you set the password to be in plain text, you'll be able to look at the column "password_" in the table "user_".

You may be able to use Liferay api to get the user and do user.getPassword()
Ashok Sangi, geändert vor 12 Jahren.

RE: Password Decryption

New Member Beiträge: 10 Beitrittsdatum: 21.11.11 Neueste Beiträge
hi majhar

if i follow yours posted ans can i see all the plain text passwords in d.b
thumbnail
Ravi Kumar Gupta, geändert vor 12 Jahren.

RE: Password Decryption

Liferay Legend Beiträge: 1302 Beitrittsdatum: 24.06.09 Neueste Beiträge
Hi Ashok,

You will see all the passwords in plain text in db after setting that property. But it should be done at the first start up of the portal. So that Liferay can build database accordingly.

-Ravi
thumbnail
Mazhar Alam, geändert vor 12 Jahren.

RE: Password Decryption

Regular Member Beiträge: 191 Beitrittsdatum: 25.11.11 Neueste Beiträge
Ashok,
Yes u can see all the passwords in plain text.
Also
Go through ravi's comment too. :-)
Ashok Sangi, geändert vor 12 Jahren.

RE: Password Decryption

New Member Beiträge: 10 Beitrittsdatum: 21.11.11 Neueste Beiträge
thank you , now i can see the plain text pwds
thumbnail
Arcko Duan, geändert vor 12 Jahren.

RE: Password Decryption

Regular Member Beiträge: 213 Beitrittsdatum: 15.10.07 Neueste Beiträge
You could change to use other encryption method like DES for your password.
thumbnail
Jignesh Vachhani, geändert vor 12 Jahren.

RE: Password Decryption

Liferay Master Beiträge: 803 Beitrittsdatum: 10.03.08 Neueste Beiträge
Thanks to all guys,

As passwords are saved in encrypted format in my DB.
But I think I need Decrypted formated passwords from DB and as per the suggestion given by Jelmer its not possible.
thumbnail
Ravi Kumar Gupta, geändert vor 12 Jahren.

RE: Password Decryption

Liferay Legend Beiträge: 1302 Beitrittsdatum: 24.06.09 Neueste Beiträge
i guess when Liferay stores password in session(see properties file) it stores when user is logging in. And no way we can decrypt password from a hash.

Jignesh, If you are in need to get password from db. You can write your own algo to encrypt and decrypt like RSA(or simply use RSA). You can have public and private key per portal to encrypt/decrypt passwords only using keys of that portal. This way even admin will not be able to get passwords simply and it will be secure.

HTH
thumbnail
Jignesh Vachhani, geändert vor 12 Jahren.

RE: Password Decryption

Liferay Master Beiträge: 803 Beitrittsdatum: 10.03.08 Neueste Beiträge
Yes Thats Right Ravi,
So for confirmation only I just posted this thread so now if any other users have this kind of requirement, they can get nice answers from here.
Thanks to all who have contributed their answers here.
thumbnail
Mazhar Alam, geändert vor 12 Jahren.

RE: Password Decryption

Regular Member Beiträge: 191 Beitrittsdatum: 25.11.11 Neueste Beiträge
Hi ravi,

You told that Liferay stores password in session i.e in some property file ,it stores when user is logging in- so can you please tell me in which property file it stores the password.

Thanks in advance.
thumbnail
Ravi Kumar Gupta, geändert vor 12 Jahren.

RE: Password Decryption

Liferay Legend Beiträge: 1302 Beitrittsdatum: 24.06.09 Neueste Beiträge
Mazhar, Its not stored in property file. We use a property so that liferay understands and stores password in session when user logs in.

See this property

    #
    # Set this to true to store the user's password in the session.
    #
    session.store.password=false
thumbnail
Mazhar Alam, geändert vor 12 Jahren.

RE: Password Decryption

Regular Member Beiträge: 191 Beitrittsdatum: 25.11.11 Neueste Beiträge
Ok Ravi, got it.
Thanks!