Dave wrote:
> [snip]
>
> I believe I will need to use the new password hashing algorithm, because
> using the old one would require me to reconfigure the PHP code for the
> forum, which would be a level of complexity beyond my capabilities.
>
> So I now understand that I can not decrypt the passwords into any kind
> of plain text and then re-encrypt them. And I also understand that the
> most likely course of action from this point will be to get the users to
> update their passwords.
> However, just to double check and be 100% sure. Is there no way to
> convert directly from one password field to the other? Something where
> I, the administrator, can never see the plain text version of the password?
No, because that would require MySQL to 'see' the plain text version of
the password. For MySQL to do that, the proces would look something like:
PASSWORD()ed password ---> plain text ---> MD5ed password
The first link in that chain is mathematically impossible (even if you
never saw the plain text password, it would have to get to that stage in
order to be put through the MD5 algorithm).
--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/
If you find my advice useful, please consider donating to a poor
student! You can choose whatever amount you think my advice was
worth to you. http://tinyurl.com/7oa5s
