Magento Customer Password is encrypted with the below code

Magento Customer Password is encrypted with the below code

It does use Md5. Here is the code:

public function getHash($password, $salt=false)
{
if (is_integer($salt)) {
$salt = $this->getRandomString($salt);
}
return $salt===false ? md5($password) : md5($salt.$password).':'.$salt;
}

So, in the database it is stored as this: [md5]:[salt]

3 thoughts on “Magento Customer Password is encrypted with the below code”

  1. Thanks, great, just one thing – what is the default salt phrase? Is it an MD5 version of the plain text password? This is what it looks like. I’m having trouble getting some plain text passwords converted..

  2. John,
    There is no default salt, At the time on Magento installation, this will be generated, or you can select you own.
    You can get this from configuration xml file
    Steven

Leave a Reply

Your email address will not be published. Required fields are marked *

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image