[Mediawiki-l] extract user account from database

Michael Rosenthal rosenthal3000 at googlemail.com
Sat Jan 9 14:50:48 UTC 2010


> I'd need to get the passwords either in md5 hash or in clear.

Storing the password in plain text or as an md5 hash is a security
risk. It is very easy to find a password collision (a password with
the same hash) once you got its hash.

>I checked
> out the manual [1], password aren't stored as simple MD5 hash, an
> additional string is added. Is there a way I can convert them into
> regular hash of the password?

No, that's called security that not everyone who has access to the
database can see the user passwords. Therefore a salt is added. If you
don't know the password there shouldn't be any ways to get it.



More information about the MediaWiki-l mailing list