Reputation: 11
Decryption of hashed passwords
I am working on a website's framework translation. I have translate it from Yii php framework to Laravel. I have got an existing database and I have to provide login access to existing users to the new website. The problem is now I am using Laravel and Laravel does not recognizes the hashed values of the previous framework. i.e the values that are stored in the database hashed by some method in Yii framework. Is there any way to resolve this. I am using Auth::attempt() method in Laravel.
Upvotes: 0
Views: 514
Answers (2)
Reputation: 24121
The Yii framework generates password hashes through the crypt function, and according to the documentation it generates BCrypt hashes. You can check this easily by looking at the hashes, BCrypt hashes start with $2y.
So Laravel should actually be able to check password with your hashes, if you cannot find a method which is integrated in Laravel itself, you can surely use the password_verify() function to check the hashes.
Upvotes: 1
Reputation: 14549
You can't... plain and simple...
hashing isn't encryption. hashing is one way, you can prove this to yourself by taking an md5 or shasum of a large file, since the file's size is larger than the hashes output, by pigeonhole principle hashes can't be restored...
you could try to rainbow table them with password lists, don't, because this is compromising users security.
you will probably have to figure out a way to mash Yii's auth module into Laravel, or use some sort of middle man auth bit... or just make everyone change passwords.
Upvotes: 2
Related Questions
- Generating Random Passwords
- How to use multiple databases in Laravel
- Secure hash and salt for PHP passwords
- Why is char[] preferred over String for passwords?
- Mongo DB and hashed password. Using the same database on another node application
- Using passwords hashed in CakePHP in Laravel environment
- How to use master page of yii framework project in core php project?