> It did change between MySQL 3.2 and 4.1. You need the old-passwords
> configuration directive, it is in the MySQL manual at dev.mysql.com.
Thank you. I believe the old-passwords configuration has already been
set by my web host.
> You can't decrypt the password fields. That's the point of *one-way*
> hashes of the type that PASSWORD() and MD5() use.
I suspected something like this was the case, which was why I wanted to
double check here first. Thank you for confirming.
> You need to either get all your users to reset their passwords, or
> continue to use the old password hashing algorithm until they do.
I believe I will need to use the new password hashing algorithm, because
using the old one would require me to reconfigure the PHP code for the
forum, which would be a level of complexity beyond my capabilities.
So I now understand that I can not decrypt the passwords into any kind
of plain text and then re-encrypt them. And I also understand that the
most likely course of action from this point will be to get the users to
update their passwords.
However, just to double check and be 100% sure. Is there no way to
convert directly from one password field to the other? Something where
I, the administrator, can never see the plain text version of the password?
Dave
