Intellipaat Back

Explore Courses Blog Tutorials Interview Questions
0 votes
2 views
in SQL by (6.1k points)
The developer who created a platform which my company is using is no longer working for us and I don't know how I can retrieve the passwords from a custom PHP application.

When I am looking in the PHPmyAdmin I see the passwords are encrypted (eg *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19)

How can I change or retrieve these passwords?

2 Answers

0 votes
by (12.7k points)

If a proper encryption method was implemented, it's not going to be possible to easily retrieve them.

Simply reset them with new passwords.

The string looks like it is using PASSWORD():

UPDATE user SET password = PASSWORD("newpassword");

If you want to explore more about SQL then do check out the SQL Certification course by Intellipaat.

You can check out the below MySQL Tutorial video for better understanding.

0 votes
by (1.9k points)

Understanding MySQL Password Storage

Hashing vs. Encryption:

Hashing: This is a one-way function, such as SHA-256, that transforms data into a fixed-size string such that it cannot be turned back into the original value. Thus, if passwords are hashed, they can never be retrieved.

Encryption: This process allows the data to be turned back into its original form using a key, for example, AES.

Steps to Deal with Encrypted Passwords

Determine how the passwords are stored-whether as hashes or encrypted.

Extract Passwords: Using SQL, execute a query to retrieve the encrypted passwords from the database.

SELECT password FROM users WHERE username='your_username';

Decrypt if Encrypted: If the passwords are encrypted, apply the correct decryption function.

SELECT AES_DECRYPT(password_column, 'your_secret_key') FROM users;

Reset Passwords: For the users, provide the option of resetting passwords, in case decryption is impossible. To change a password directly, you can make use of the following codes:

UPDATE users SET password = 'new_hashed_password' WHERE username='your_username';

Conclusion

If the passwords are hashed, then it is not possible to recover them. If the passwords are encrypted, then one has to find the encryption method as well as the key; if these cannot be accessed, then it is always best to reset the passwords.

Related questions

0 votes
1 answer
asked Jul 10, 2019 in SQL by Tech4ever (20.3k points)
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer
asked Jan 6, 2021 in SQL by Appu (6.1k points)

1.2k questions

2.7k answers

501 comments

693 users

Browse Categories

...