powered by Jive Software

MD5 Hashing / Plain Text

Hi,

What is the default encryption for openfire because from what ive seen its not MD5.

For example is i use the password: 123456 this is hashed as: 2cff25abd653e05b0075ef57d8437fb14810492bd4f656e8 and then i convert 123456 using a php md5 hasing program and it returns: e10adc3949ba59abbe56e057f20f883e

Is there anyway i can switch the system to use MD5 as all my efforts have failed. I tried:

<provider>

<auth>

<className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className& gt;

</auth>

</provider>

<jdbcAuthProvider>

<passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

<passwordType>md5</passwordType>

</jdbcAuthProvider>

I also tried:

<provider>

<auth>

<className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className& gt;

</auth>

</provider>

<jdbcAuthProvider>

<passwordSQL>SELECT encryptedPassword FROM jiveUser WHERE username=?</passwordSQL>

<passwordType>md5</passwordType>

</jdbcAuthProvider>

But none of them seem to work, whenever i try to login with SPARK i just keep getting invalid username/password.

Does anyone have any ideas on this one?

Thanks

i am also facing this problem

could anyone help me ?

Hi,

as far as I can tell the md5 implementations of PHP an Java are the same but the string you hash may be encoded different.

Take a look at http://www.webtoolkit.info/javascript-md5.html and try to verify if the Javascript hashes match your PHP hashes or not. It may help to comment the “string = Utf8Encode(string);” line within the code if your PHP code does not use UTF8.

Java uses UCS-16 internally to store strings but I have no idea of Openfire uses UTF-8 or UCS-16 while creating the md5 hash.

LG

openfire’s encryptedPassword that isn’t MD5

http://www.igniterealtime.org/community/message/148183#148183

Openfire uses Blowfish, an symmetric encryption algorithm.

A hash function like MD5 or SHA-1 is an one way function, so it is not possible (*) to decrypt a hashed password. But to support an deprecated protocol Openfire needs decryption.

(*) It is possible to decrypt short passwords that are hashed if no “salt” is used. This is possible through “rainbow tables” and takes a few hours.

Hi vanaf,

the Openfire database does indeed not use MD5. But Openfire can also access external databases (read-only) for user accounts and supports in this configuration plain or md5 passwords.

LG

I’m having trouble with this i cannot make openfire to atuh against a custom database using MD5 hashes in the password fileds. any ideas?

If you already have user in your database, you no longer worried about openfire algorithm. openfire will obtain Your current user and password as read only. so, you may need create your own registration user script