Decrypt and move rc4 encrypted password to Wordpress wp_user table?

Asked Jul 04 '13 at 08:08

Active Apr 28 '14 at 08:03

Viewed 853 times

I have RC4 encrypted data stored in a MySQL table that I need to move to the wp_user table and store as a Wordpress encrypted password. These are passwords so I'd prefer to move them securely, but I'm open to any suggestion.

This data was originally stored from a custom built Wordpress user management plugin that we've lost the developers for. Now we are attempting to move the users over to a Wishlist Member solution which stores them as regular wordpress users. I want to be able to change out the system without having to ask all the users to reset their passwords.

The old user data is encrypted as a hashed password concatenated with the encryption key. Below is the code sample that decrypts the secure data. I have the encryption key,

$secure_data = unserialize(
    rc4crypt::decrypt(
        $this->data->password . OLD::ENCRYPT_KEY,
        $this->data->secure_data)
    );

Any suggestions on how can I move this data into user_pass of wp_users?

edited Apr 28 '14 at 08:03

VH-NZZ

5,248
4
31
47

asked Jul 04 '13 at 08:08

smur256

You can't unencrypt hashed password. Encryption <> hashing – gbn Jul 04 '13 at 08:15
1

@gbn But RC4 is a cipher, not a hash function. This is of course an extremely silly way to store passwords. – ntoskrnl Jul 04 '13 at 10:50
Read up on the standards of passwords and what representations thereof to store. That should put you on the right track. – VH-NZZ Apr 28 '14 at 08:04

Decrypt and move rc4 encrypted password to Wordpress wp_user table?

0 Answers0