Unhash Passwords

Is there any way to unhash (un-encrypt) the passwords of the members?

Thank you!

Passwords are hashed, not encrypted. Encryption can be decrypted, hashing is one way. It cannot be reversed.

So there is no option to have the passwords unhashed?

Everything is possible. But you would have to hire a Hacker. If hashing was easy to reverse then it would not be useful to protect passwords.

More information.

http://en.wikipedia.org/wiki/SHA_hash_functions

http://en.wikipedia.org/wiki/Cryptographic_hash_function

Just curious.... why do you want to obtain the passwords of your members?

Unhashing of passwords.... Hmmm, seems like a hard route just to break into their accounts and read their e-mails.  Perhaps you'd find it a little easier to just go into the DB, look up the mail tables and red them that way.  Maybe you want to send out a few e-mails on their behalf to others.  Could be a fun little way to create some drama on your site.  But that could be done by just going to the tables, looking up the mail section and then entering your own manually into the DB.

As long as you assign all the fields correctly it'll look like your members sent the e-mails out. 

So, what reason do you have for wanting the passwords? 

D7  has  added a  salt   to   the  hash...  for  all  new  members.... this  added  a random varible that  makes it  highly  unlikely a  hash of  this  nature  can  be  broken...  if  you  have  migrated  members from  d6  there  is  no salt  added  to  md5  hash   therefore if  that  is  the  case  then  yes  and  no... the  hash  will always  return  the  same  value  from a  given  input  then  you  can  simply do  some  math  and  decode  a  given  hash  to a to  a value...  simply  was  said   jokingly  the  math  is  rather  complex   even  a  null  input  generates A HASH...  there  are lookuptables  that  can  be  used for  common hashes...

Gotgoblin

There are lots of reasons you might want to log into a member's account - not everything has evil intent.   I have a few members whose avatar didn't set for example, and I would like to do it for them.  It is better than the betas, but you still can't access everything from the control panel.

I can only think of one valid reason to need the passwords. That would be if the members needed to be exported from dolphin into another system that does not use the same hash method.

I suppose there could be other valid reasons.

It would be a lot simpler if you just asked your members for their passwords.  Just tell them you need to go look at their private pictures or read their PMs.  I'm sure they'll understand.

Its a pain in the neck, but to do that you can stick your hash into the userxx.php cache file, login in with your password, then delete the cache file for that user after your done. When the user logs back in the cache will be recreated.

The system admin could see everything by going in the database anyway.  I've never had reason to look but I assume PMs are in the database unencrypted.  Throughout the development of the betas , there have been a number of legitimate reasons for the admin wanting to access the accounts - but it has usually been so difficult to be impractical.   You manage your community the way you think best but the admins who have posted here before are not necessarily doing it so they can "look at private pictures" or "read peoples emails".  They might just be trying to fix something that is broken.

Yes Deano, I followed this procedure before and it works, but it is a MAJOR pain - though it is good that method at least exists.

By the way, during the migration, many of my member profile photos did not size properly.  If I had an easy way to access the accounts, I could just jump in there, upload a fresh pic of theirs from the original, then set the avatar properly.   Could someone explain to me how this can be done from the admin panel?  I certainly can't think of a way.

I know i can (through a mod) get access to an account. I'll see about adding it to my D7 version of my Deanos Tools module. I only had 2 more sections to go before i completed it. Guess it won't hurt to add one more feature.