How to get my MacScripter password

Hi,

How do I find what my MacScripter password is? I want to compare it with what is in my Keychain Access. Ray, can you send it to me if there is no other way.

Thanks,
kel

I don’t know (and can’t find out) what your password is, but by clicking on your own name you enter a page where you can change it. I don’t think there’s any check that the password you enter is different from what was there. I’m pretty sure Ray can’t see your password either.

Hi,

In SQL databases, passwords are usually saved as hash values, and no forum owner should be able to see any password of the registered users.

Hi Stefan,

So what you’re saying is that the stored password in Keychain Access won’t match the real password because it’s a hashed password. Interesting.

Hi Adam,

Yes, I guess I could go to the page and say that I forgot my password. Although, I never remembered what it was in the first place. :smiley: Machines will rule the world some day! :slight_smile:

Edited: I see now. If I say that I forgot the password, then the machines will send me a new one. What to do …

Have a good day,
kel

No, the password in Keychain Access is clear text although it’s of course internally encrypted.
When you’re going to register to an online service your submitted password is hashed and the value is saved.
Every time you log in, the currently entered password is also hashed and the hashes are checked for equality.

Good hash algorithms don’t provide a way to convert a hash to clear text; you can only compare hashes.

Hi Stefan,

I think I see. So the internet password in Keychain Access is the password I should use in the form. That’s what I’m saying is the real password. i.e. the one you use in the form. I thought it looked funny and that’s why I wanted to know what the real password was. So, I can use the password in Keychain Access as the real password.

Edited: I mean not stored, but what is shown in Keychain Access when I get the password. Think I got it now.

Thanks a lot,
kel

Like most BBs, this version of FluxBB stores just an MD5 hash in a varchar field; it’s not the result of the PASSWORD() function. This way the BB is less database dependent and the hashing is done by PHP itself.

For the curious ones:
According to the source code of MySQL, the PASSWORD() function is actually a macro of SHA1->UNHEX->SHA1.

Hi DJ,

You are a wealth of info. I was curious about the type of encryption. With ‘openssl’ there is sha1, but what is UNHEX? I need to read up on sha1 obviously.

Thanks a lot,
kel

UNHEX is a function in MySQL. The SHA1 function will return a string containing hex characters; it will unhex it first, creating a binary object, and SHA1 it again. This kind of password consists mostly of non-printable characters, making the lookup on the SHA1 reversing websites (almost) impossible.

set pwd to "Hello World!"
do shell script "/bin/echo -n " & quoted form of pwd & " | openssl dgst -sha1 | xxd -p -r | openssl dgst -sha1"

Note: You need /bin/echo because the built-in echo command of bash always prints a newline at the end.

is the same as in MySQL:

SELECT PASSWORD('Hello World!');

which is the same in MySQL as:

SELECT SHA1(UNHEX(SHA1('Hello World!')));

Then it’s strongly recommended to use BCrypt hashing (available in PHP ≥ 5.5 but can be easily implemented in earlier versions) which cannot be decrypted to clear text.

Thanks, I wasn’t aware of that. My own server is still using 5.3 so I wouldn’t know. But thanks for the heads up so I know what to do when updating to a higher version of PHP.

In PHP 5.3 you could use this library
password.php at master · ircmaxell/password_compat
which provides the same functionality as the builtin version in 5.5

See also this article on Stack Overflow:
How do you use bcrypt for hashing passwords in PHP? - Stack Overflow
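Added example, not part of the original thread or of FluxBB/MySQL code: the register/login hash comparison and the SHA1(UNHEX(SHA1(...))) chain discussed above, next to a salted, slow derivation. Assumptions: PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt, and the function names, iteration count and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os


def double_sha1(password: str) -> str:
    """SHA1(UNHEX(SHA1(password))): hash once, then hash the raw digest bytes."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()  # raw bytes == UNHEX(hex digest)
    return hashlib.sha1(inner).hexdigest()


def mysql_password(password: str) -> str:
    """MySQL's legacy PASSWORD() formatting: '*' plus the uppercase double SHA1."""
    return "*" + double_sha1(password).upper()


# Assumption: PBKDF2 stands in for bcrypt; the iteration count is illustrative.
ITERATIONS = 200_000


def register(password: str) -> dict:
    """Build the stored record: a fresh random salt plus the derived key."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "key": key}


def login(record: dict, attempt: str) -> bool:
    """Re-derive from the attempt with the stored salt; compare in constant time."""
    key = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(key, record["key"])


if __name__ == "__main__":
    # Constructed sample: two users who happen to choose the same password.
    alice, bob = "Hello World!", "Hello World!"
    # Unsalted: both rows hold the same value, so one lookup exposes both users.
    print("unsalted equal:", mysql_password(alice) == mysql_password(bob))
    rec_a, rec_b = register(alice), register(bob)
    # Salted: the stored keys differ even though the passwords match.
    print("salted equal:  ", rec_a["key"] == rec_b["key"])
    print("correct login: ", login(rec_a, "Hello World!"))
    print("wrong login:   ", login(rec_a, "hello world!"))
```

The server never needs the clear-text password after registration; it only repeats the derivation and compares results, which is why the forum cannot show a user their password.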

Thanks again Stefan.

Hi Stefan,

Yeah, nice link although a lot of it is above my head. It does give a lot of things to look into.

Personally, I just look into info on storing passwords on my own computer, so what I use is getting the password without storing it on the machine. But, that php thing is interesting. I suppose you need to take classes on that.

One semester, I had four ics classes and they weren’t easy I tell you. On top of that, I got into a bad car accident. Tried to drop a couple of classes, but the Pascal teacher wouldn’t let me. I think because the class was small, she didn’t want to lose money or something.

Maybe someday I’ll learn all this stuff.

Thanks,
kel

Just remembered that I can look at the password in Safari Preferences and compare with the Keychain Access password. :rolleyes: