1

I have programmed a Java program which has access to my MySQL database. Currently I am using Joomla as CMS, therefore I would like to program my Java program so it is able to check the user data (of Joomla) to access the database.

If it isn't possible: Which encryption should I use so I can use it later for my websites?

Right now my program is just comparing the Strings in the user field and password field with the data from the MySQL database.

I am new to Encryption/Decryption. Any tips on how I should approach this subject are appreciated.

Thanks in advance

greets

THE-E

  • You shouldn't encrypt passwords at all. You should one-way hash them. – user207421 Jun 12 '13 at 11:16
  • I will have a look at that subject and will reply as soon as I have a little bit more knowledge about it. But Joomla does not use a one-way hash, does it? The current status is: users have been created using Joomla and now I have to check user name and user password to give access to the program. – THE-E Jun 12 '13 at 11:25
  • possible duplicate of [joomla password encryption](http://stackoverflow.com/questions/10428126/joomla-password-encryption) – gbn Jun 12 '13 at 11:39
  • @THE-E: Of course the passwords are one way hashed in Joomla!. Everything else is bad practice. You have to hash the plain password using the user's individual salt and compare the result with the stored hash in the database. – nibra Jun 12 '13 at 16:49

2 Answers

2

You shouldn't be seeing any plain text passwords in your database. I don't know for sure how older versions of Joomla do it, but the current ones save passwords in the following format:

md5([password][salt]):[salt]

Where you'd obviously replace [password] with the password and [salt] with the salt. For instance, you might see the following string in the password field of your user table:

dc0ea62a2aebf85100609bb67c6886a8:yh9MbHU5hR6ydbd8mCw6bQzCrRFYEI3E

The part after the colon is the salt, and the part before the colon is the md5 hash of the password and the salt. Now I can tell you that the password here is 'test'. And that the string is: md5(testyh9MbHU5hR6ydbd8mCw6bQzCrRFYEI3E):yh9MbHU5hR6ydbd8mCw6bQzCrRFYEI3E

bjrn
  • No longer working in Joomla 3.2.1. There is no longer a ":" separating the encrypted password and the salt. – nemesys May 09 '15 at 19:37
  • Yes, they switched over to using bcrypt. My answer above applies to Joomla versions before 3.2. – bjrn Aug 26 '15 at 13:24
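
The check described in the answer above, as an added Java example that is not part of the original posts: it splits the stored value at the colon, recomputes md5(password + salt) and compares the result in constant time. It covers only the pre-3.2 format; the class and method names are hypothetical, and UTF-8 encoding of the password and salt is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

// Added example; class and method names are hypothetical, not Joomla's API.
public class JoomlaLegacyPassword {

    // Verifies a password against a pre-3.2 Joomla value "md5(password+salt):salt".
    static boolean verify(String password, String stored) throws NoSuchAlgorithmException {
        int colon = stored.indexOf(':');
        if (colon != 32) {
            // No 32-hex-digit MD5 before a colon: not the legacy format
            // (Joomla 3.2+ stores bcrypt, which needs a bcrypt library).
            return false;
        }
        String expectedHex = stored.substring(0, colon).toLowerCase(Locale.ROOT);
        String salt = stored.substring(colon + 1);

        MessageDigest md5 = MessageDigest.getInstance("MD5");
        // Assumption: password and salt are encoded as UTF-8 before hashing.
        byte[] digest = md5.digest((password + salt).getBytes(StandardCharsets.UTF_8));

        // Constant-time comparison, so timing does not reveal how many
        // leading characters of the hash matched.
        return MessageDigest.isEqual(
                toHex(digest).getBytes(StandardCharsets.US_ASCII),
                expectedHex.getBytes(StandardCharsets.US_ASCII));
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Stored value quoted in the answer above, which gives 'test' as its password.
        String stored = "dc0ea62a2aebf85100609bb67c6886a8:yh9MbHU5hR6ydbd8mCw6bQzCrRFYEI3E";
        System.out.println("test  -> " + verify("test", stored));
        System.out.println("wrong -> " + verify("wrong", stored));
        // Constructed value without a colon-separated MD5: rejected, not guessed at.
        System.out.println("no legacy format -> " + verify("test", "not-a-legacy-value"));
    }
}
```
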
0

In essence, what you want to do is as follows. When you store the password, encrypt it. When a user enters a password into a form, encrypt that, and compare it to the encrypted password in the database.

What you don't want to do is un-encrypt the stored password and compare it to the form input.

In PHP I use Bcrypt.

as_bold_as_love
  • http://youtu.be/3QnD2c4Xovk Does this video explain the procedure right? (for my case) – THE-E Jun 12 '13 at 22:47