Password Decryption in YII 2

Hi Everyone,

I am developing an application in which the administrator can see users' passwords. I don't know how to decrypt the passwords stored in the database. Please guide me.

I am using Yii 2.0.7 advanced template.

Thanks

Why are you doing that?

If you could decrypt passwords, then what good would Yii2 be?

As an administrator, it would be a better idea to have the option of resetting the user passwords.

Actually this is a requirement of the client. The administrator can create, update or delete an account, and the admin can see passwords also; that's why I need this…

Any clue… how can I achieve this?

Explain to your client that he can’t have that option. :)

However, he can change the passwords - and that is all he needs to do, surely?

Password encryption (AFAIK) is a one-way operation. And there are many, many reasons why that is the case.

You could store the passwords in plain text too…

I wonder how secure that would be.

This is why most - if not all - sites have a password reset option.

Simply because they can’t get to the user passwords.

As jackmoe said, try to convince your client that this is odd and a big security issue. If the client insists, and I perfectly know that the world is full of stupid people, what you need is called 2-way encryption.

I don't know if you use an extension such as yii2-user or your own implementation, but in general you need to:

override the class method that does the encryption

implement a method that decrypts

You can use openssl_encrypt() & openssl_decrypt(); to choose a cipher method supported by your system you can use openssl_get_cipher_methods().

So, just to give some stub code:

// $method is a cipher name from openssl_get_cipher_methods(), e.g. 'aes-256-cbc';
// $secretHashKey is your secret key (both come from the app configuration, see below)
function extensionCryptMethod($password, $method, $secretHashKey) {
    // most ciphers need an IV: generate a fresh random one per password and store it
    // in front of the ciphertext, so the same password encrypts differently every time
    // (to check a login, decrypt the stored value instead of re-encrypting and comparing)
    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($method));
    $ciphertext = openssl_encrypt($password, $method, $secretHashKey, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $ciphertext);
}

// this is the method you need to show the password to the admin
function passwordDecrypt($stored, $method, $secretHashKey) {
    $raw = base64_decode($stored);
    $ivLength = openssl_cipher_iv_length($method);
    $iv = substr($raw, 0, $ivLength);
    return openssl_decrypt(substr($raw, $ivLength), $method, $secretHashKey, OPENSSL_RAW_DATA, $iv);
}




If it is possible to override the encryption method, everything should work out of the box.

Otherwise use passwordCrypt to encrypt the password; then at login time it is up to you whether you encrypt the login password and check if it matches the one stored in the DB, or you get and decrypt the DB password and check if it matches the one from the form.

Remember to make the necessary modifications in all the processes where the password is involved (like password recovery).

Another option for the clear password: you can add a method directly to the user model (extend the user model used by the extension) which, even if it gets separated from the crypt method, is probably a better solution:

public function getClearpassword() {
    // $method and $secretHashKey are read from the app configuration
    // (the parameter names used here are assumed); passwordDecrypt() is the function above
    $method = Yii::$app->params['cipherMethod'];
    $secretHashKey = Yii::$app->params['secretHashKey'];
    return passwordDecrypt($this->password, $method, $secretHashKey);
}



Then you can access the clear password just by echo $user->clearpassword; where $user is an instance of the user model.

As a last suggestion, set $method and $secretHashKey as parameters in your app configuration (always better to keep these centralized). Once in production do not change them, otherwise people will need to do a password recovery to access again.

Why do we have to use password hashing instead of 2 way encryption?

It’s partly because we have to protect our customers (the administrators of the system) against the possible claims from the end users.

In a system that uses password hashing the administrators have no means to get the passwords of the end users. Is this a drawback? No. It’s intentionally designed like that. In a system with this schema, the administrators will be able to argue that they are not responsible for the possible leak of the end user’s password. “You say that someone has stolen your password? Well, I’m sorry for it. But it could not be us, since it’s technically impossible for us to get your password.”

2-way encryption for passwords is dangerous not only for the end users, but also for the owner of the system.

Because if the client, who is the one that pays you, after all the explanation that it is a bad idea for security, privacy and another 1000 reasons, still asks for it, you have 2 choices:

you do it and get paid

you don't do it and lose the money, or, if you work for a company that has a contract with this client, get fired.

The software development world is full of examples of bad practice due to client requests which are irremovable; the last word is up to the people that pay.

In this case, if you want to get the money, the only thing you can do is 2-way encryption, which is still better than plain text (at least if someone accesses the database they do not get the password).

Naturally if you follow a minimum of procedure, you will have the client sign the user requirements in which you specify that 2-way encryption is a specific request of the client, and afterwards you explain why it is a bad idea.

Yeah, money matters, indeed.

And I think that there should be certain situations where 2-way encryption (or even plain text) is the right choice both for the host and for the guests of the system. Password resetting through e-mail could be a difficult process to follow for some people, for example.

Yes, money matters. I am using two-way encryption. Thanks a lot.

I tried to convince them a lot, but they said it's their requirement and they are ready for the consequences. So I did two-way encryption instead of plain text.

Since they will use this application offline, password resetting through email is not an option.

Thanks a lot all of you…

You can reset the password by using a change password option on user request. No need of email here. Viewing users' passwords is one of the ugliest things ever.

You can make an option for admin - login as user.
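The one-way design argued for earlier in the thread (hashes the administrator cannot reverse) together with the "change password on user request" option just suggested, as an added worked example that is not code from this thread, from Yii, or from any extension. It uses plain PHP's password_hash()/password_verify() so it runs stand-alone with `php file.php`; the in-memory user table, usernames and passwords are constructed for the demo, and the Yii 2 equivalents are named in the comments.

```php
<?php
// Added example, not code from the thread: passwords are stored as salted bcrypt
// hashes, so neither the admin nor someone who dumps the table can recover them;
// an admin "reset" simply replaces the hash. In Yii 2 the equivalent calls are
// Yii::$app->security->generatePasswordHash($password) and
// Yii::$app->security->validatePassword($password, $hash).

// Constructed in-memory stand-in for the user table: username => [hash, must_change].
$users = [];

function createUser(array &$users, string $username, string $password): void
{
    $users[$username] = [
        // password_hash() generates a random salt per user and embeds it in the hash.
        'password_hash' => password_hash($password, PASSWORD_BCRYPT),
        'must_change'   => false,
    ];
}

function login(array $users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    // Constant-time check of the candidate against the stored hash.
    return password_verify($password, $users[$username]['password_hash']);
}

// The "change password on user request" option: the admin sets a temporary password
// without email and without ever seeing the old one, and the account is flagged so
// the user must choose a new password at the next login.
function adminResetPassword(array &$users, string $username, string $temporary): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $users[$username]['password_hash'] = password_hash($temporary, PASSWORD_BCRYPT);
    $users[$username]['must_change']   = true;
    return true;
}

// Replaces the temporary password with the user's own choice after proving the current one.
function changeOwnPassword(array &$users, string $username, string $current, string $new): bool
{
    if (!login($users, $username, $current)) {
        return false;
    }
    $users[$username]['password_hash'] = password_hash($new, PASSWORD_BCRYPT);
    $users[$username]['must_change']   = false;
    return true;
}

// Walk-through on the constructed data.
createUser($users, 'alice', 'correct horse battery staple');
printf("stored value for alice: %s\n", $users['alice']['password_hash']);
printf("login with right password: %s\n", login($users, 'alice', 'correct horse battery staple') ? 'ok' : 'denied');
printf("login with wrong password: %s\n", login($users, 'alice', 'hunter2') ? 'ok' : 'denied');

// Admin helps a locked-out user: reset, user logs in with the temporary password, then changes it.
adminResetPassword($users, 'alice', 'Temp-2016-xyz');
printf("must change after reset: %s\n", $users['alice']['must_change'] ? 'yes' : 'no');
printf("login with temporary password: %s\n", login($users, 'alice', 'Temp-2016-xyz') ? 'ok' : 'denied');
changeOwnPassword($users, 'alice', 'Temp-2016-xyz', 'new passphrase chosen by alice');
printf("temporary password still accepted: %s\n", login($users, 'alice', 'Temp-2016-xyz') ? 'yes' : 'no');
printf("must change after user changed it: %s\n", $users['alice']['must_change'] ? 'yes' : 'no');
```

The stored value printed first is the only thing the administrator (or a database dump) ever holds, which is the point of the replies above: an admin can reset or replace it, but not read the password back. For the "login as user" option, Yii 2 lets an authorized admin call Yii::$app->user->login($userModel) on the target identity, again with no password involved.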

Yes indeed, but it was the client's requirement; it's resolved now… I used two-way encryption.

Thanks for the help.

Many people re-use passwords for various things, from work-related accounts to Facebook; it's unethical to have the ability to view them. It's also a large security issue for the company and its users. Where is the key being stored? In plain text in the web.conf file?