how to decrypt the moodle password

how to decrypt the moodle password

- salman daca の投稿
返信数: 9

i m using moodle framework and  passwordsaltman encryption please help me out how to decrypt it any script or any way how?????

評点平均:Not cool (1)
salman daca への返信

Re: how to decrypt the moodle password

- Visvanath Ratnaweera の投稿
画像 Particularly helpful Moodlers 画像 Translators
It is normal practice to "encrypt" passwords by sending them through a http://en.wikipedia.org/wiki/Cryptographic_hash_function. In the case of Moodle the function is http://en.wikipedia.org/wiki/MD5. See function hash_internal_user_password($password) in lib/moodlelib.php.

An important property of such functions is that they are irreversible ("it is infeasible to generate a message that has a given hash").
評点平均: Cool (1)
Visvanath Ratnaweera への返信

Re: how to decrypt the moodle password

- Stuart Mealor の投稿
画像 Particularly helpful Moodlers

...even if it was possible, do you think it would be a good idea to have a Forum post here explaining how to do it !?!?  lol

評点平均: -
Stuart Mealor への返信

Re: how to decrypt the moodle password

- Visvanath Ratnaweera の投稿
画像 Particularly helpful Moodlers 画像 Translators
If Moodle uses a reversible algorithm and keeps it secret, how long would it take to a cracker to find the answer?

The fundamental question is, how Open Source Software can hide such information?
評点平均: -
Visvanath Ratnaweera への返信

Re: how to decrypt the moodle password

- Tim Hunt の投稿
画像 Core developers 画像 Documentation writers 画像 Particularly helpful Moodlers 画像 Peer reviewers 画像 Plugin developers

Moodle does not encrypt passwords. It hashes them using a one-way hash function.

This is common practice, in irreversible by design.

評点平均: Very cool (2)
Tim Hunt への返信

Re: how to decrypt the moodle password

- Chetan Sharma の投稿

Hi Tim Hunt,

I need some help regarding the same. I want to add a column in mdl_user in which original password of user in stored (Not hashed). Is there a way to achieve this? In which file moodle does its insert query for the password?

Thanks in Advance.
評点平均: -
Chetan Sharma への返信

Re: how to decrypt the moodle password

- Tim Hunt の投稿
画像 Core developers 画像 Documentation writers 画像 Particularly helpful Moodlers 画像 Peer reviewers 画像 Plugin developers

Here is the right way to do this:

Don't

評点平均: -
Tim Hunt への返信

Re: how to decrypt the moodle password

- Chetan Sharma の投稿

Hi Tim,

I know it is not at all a good practice. But i have got a task from my employer that the admin should be able to login to any user's account. Please help me what should i do?

評点平均: -
Chetan Sharma への返信

Re: how to decrypt the moodle password

- Robert Brenstein の投稿
Moodle admin can login into any user account without knowing the password using the "login as" feature. No need to change anything in Moodle or reveal passwords.
評点平均: Very cool (2)
Visvanath Ratnaweera への返信

Re: how to decrypt the moodle password

- Howard Miller の投稿
画像 Core developers 画像 Documentation writers 画像 Particularly helpful Moodlers 画像 Peer reviewers 画像 Plugin developers
I have no idea if this is a serious question or some trolling. Either way, I think it's important to understand why password salts exist.

The original design was to simply 'md5' the password. The problem with that is that if you use a common word for a password and someone gets hold of the hashed password it is trivial to reverse. This is no big secret, there are sites that have database of common (and not so common) md5 hashes and can easily decode them.

However, if you use a lengthy and reasonably random salt this all but makes this impossible. It's still theoretically possible to crack passwords if you know the salt and the method used (easy enough with Moodle) but it would still only work for 'dictionary' words.

So... use a good salt, leave the password restriction settings turned up and keep your salt secret. In which case, it's near enough to impossible to decode the passwords.

However, to answer the original question as posed, no you cannot. That's the idea!
評点平均: Very cool (2)