How is the EE database encrypted?
Development and Programming
Hello
I’ve got a developer who is creating a 3rd party app that needs to grab user/password/groupid from a EE database. He wrote the following:
Do you have an idea of the process they (EE) follow to encrypt the passwords? Basically I need to do the same to compare the final values. The columns I’m guessing I have to work with in the exp_members table are password, unique_id and crypt_key – Also, are you aware of a passphrase being used? Or whether the salt is common throughout, or stored with the user?
Any ideas please?
Many thanks, Mark
Moved to Development and Programming by Moderator
Hi, Mark.
EE uses SHA1 for encrypting passwords.
There is also now an auth library (mentioned in the change log) Added an auth library to simplify user authentication.
Not seeing anything in the userdocs about it yet, though. Moving to the Development Forum for additional community support.
Thank you Sue 😊
I will forward to the 3rd party dev and revert.
The second application is running on an Asp.Net framework.
We are able to connect to the EE DB directly through Asp.Net, but hoped to be able to replicate the EE password verification.
Is this possible? Where can I find the EE member authentication code?
Many thanks.
I think you’ll find all the Auth code in /system/expressionengine/libraries/Auth.php.
Can anyone offer me some guidance on what is stored where for SHA1 encrpytion on EE and which parts are needed for a comparison?
When a password is created, is a site wide salt used? or is a salt created with the password and stored within the members table?
I’m desperately trying to replicate the same encrpytion process on a .Net platform.
Many Thanks.