Reading (decrypting) Flarum-passwords with java

jobheger

Hey there,

I started using Flarum a few days ago. Let me start of with some intel. I have been working on a game written in Java. In this game you will need to login with an username and a password. We formally read our members passwords from the IPB 3.4 database. This was done by decrypting the MD5-hashes with a salt-key. Now we would like to use Flarum instead.

Is there anyone who has experience with this?

clarkwinkelmann

jobheger hello and welcome !

Flarum hashes passwords with bcrypt (which is the default PHP password hash method). I have never dealt with them in java, but I expect you will find existing java implementations of bcrypt hash checkers.

matteocontrini

Hashes are not encryption algorithms, so you can't "decrypt" them. You can break them with brute force if you have a lot of time 😁

But in this case I think you just want to log in with Flarum. You should really consider using the Flarum forum API for this. Accessing the MySQL database directly from the application is definitely not a good idea

jobheger

@clarkwinkelmann @matteocontrini Thank you both for your reply. I will do some research on the Forum API and the bcrypt hash checkers.