2

I have exported my data from Parse.com but the passwords are encrypted using bcrypt. I will be storing the data in a MySQL database and users will connect over a simple RESTful API. Assuming I capture the username and password, how do I check this matches the stored password?

Mark Tyers

2 Answers

4

I'm going to go out on a limb here and say that there is no way to decrypt the passwords once they're encrypted with bcrypt - this would be a massive security hole for a myriad of reasons. Here are a couple of links that hint towards this being the case:

In short, you're going to have to communicate out to your users that they'll need to change their password (or at least confirm it) when you migrate them over to the new service.

I'd suggest a workflow like so:

  • Inform users that their password needs to be confirmed/re-validated. Up to you whether you inform them that it's due to a data migration, but I usually err on the side of disclosure and honesty. You could do this on a per-user basis or send out a bulk communication.

  • When a user next goes to log into your app, prompt them to validate their password (or change it). Use the Parse SDK to validate the password, and if authentication is successful, re-encrypt the now-known password using a crypto solution of your choice, then store it in your new BaaS/DB.

  • If the user cannot validate their password or does not remember, use an email or 2FA verification process to reset their password and store it in the same manner.

Community
brandonscript
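
The login-time migration from the workflow above, sketched as an added example that is not part of the original answer. `legacy_verify` is a hypothetical stand-in for the Parse SDK login call, the in-memory `users` dict stands in for the MySQL table, and PBKDF2-HMAC-SHA256 with the round count shown is only one possible choice for the new scheme.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor for the new scheme


def new_hash(password, salt=None):
    """Hash with PBKDF2-HMAC-SHA256; returns 'salt_hex$digest_hex'."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def check_new_hash(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$")
    candidate = new_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def login(users, username, password, legacy_verify):
    """Return True on success. `users` maps username -> {'new_hash': str or None}.

    legacy_verify(username, password) -> bool is a hypothetical callable that
    asks the old service whether the credentials are valid.
    """
    row = users.get(username)
    if row is None:
        return False
    if row["new_hash"] is not None:        # already migrated: check locally
        return check_new_hash(password, row["new_hash"])
    if not legacy_verify(username, password):
        return False                       # caller sends the user to the reset flow
    row["new_hash"] = new_hash(password)   # re-hash the now-known password
    return True


if __name__ == "__main__":
    # Constructed sample data: one user who has not been migrated yet.
    users = {"alice": {"new_hash": None}}
    old_service = lambda u, p: (u, p) == ("alice", "correct horse")
    print(login(users, "alice", "correct horse", old_service))  # migrates alice
    print(login(users, "alice", "correct horse", lambda u, p: False))  # local check
```

After the first successful login the old service is no longer consulted for that user, so it can be retired once the remaining accounts have migrated or been reset.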
0

It is impossible to decrypt the passwords.

I strongly recommend that you use the parse.com database migration tool to export your data to an external MongoDB. You can use Parse Server to serve the RESTful API. It can be easily done by hosting your own self-hosted server or a Parse Hosting solution like https://www.back4app.com

See all options in the link below: https://github.com/ParsePlatform/parse-server#parse-server-sample-application

Davi Macêdo