Is there a mod where you can Record the users passwords? or can some one make one?
No... I don't believe there is such a mod. What would be the purpose of such a mod?
The users passwords are currently stored in the database in md5 encryption format. This is to prevent any hacks and trying to crack passwords. toring the actual password is not very wise IMO.
That is, if im correct, against the Data Protection Act of 1998 or a similar act... might be the internet one... *shurgs*
*Dale shoots the important person who told him that information*
You can actually find out user's password through brute force cracking. But this would take quite a while and use ton's of resources.
Plus it's not good to store them in normal text format.
I am not 100% sure but I do not believe the Data Protection Act of 1998 requires passwords to be encrypted. I hope no one is willing to make such a mod, though, without a good reason being given. At this point I see no reason for needing to know users' passwords.
One note for anyone interested: I thought the DPA of 1998 only applied to the UK but the UK figured a way out to bring most sites into the scope of their law:
Quote:Website operators established outside the UK that use a computer hosted inside the UK to collect personal information, or where the operator places a cookie on the computer of a UK Internet user, are also subject to the Act.
decswxaqz Wrote:You can actually find out user's password through brute force cracking. But this would take quite a while and use ton's of resources.
Plus it's not good to store them in normal text format.
I think md5() ecryptions cannot be "un-crypted".
un-crypted, no. But that doesn't mean it can't be cracked. It would take a lot of work or password guesses till you find one with an md5 that is the same as the orignal md5'd password though.
Unless of course you are from my realm which says md5 can't be brute forced ever with 100% accuracy. The md5 alogorithm returns a 32 character long hexidecimal type string (any number 0-9, and any letter a-f). That leaves for about 3.403e+38 return possibilities. I won't waste my time proving it, but I know there are more than 3.403e+38 possibilities that could be inputted into the function
In summary, you could actually sign into your account using another password... if you knew two strings that would md5() into the same hash.
Did I lose you?
Single answer cryptography will always be open to brute force. Using Mysql's password function, or md5 will always be open to this.
And let's not forget that most people use a dictionary word, still. So running through a dictionary file WILL return at least one password. And if people decide to use only one password, getting that one password is all they need.