A question about password encryption
I am preparing to create a few web applications. Currently, we have a Vanilla forum set up, and we want to be able to use the same password across the spectrum for all of our services.
I am preparing to write a login screen for the other services (the first one will be a sort of profile page) using Django. I want to use the existing username/password pairs that are stored in the database for Vanilla. To do this I need to know how they are encrypted so that I can do proper comparisons for authentication.
I have started digging through the Vanilla code, but it is a little complicated (the framework doesn't make digging so easy, and I am not great with PHP). :-)
Any suggestions on this topic would be much appreciated.
Even a pointer to which files are involved in authentication would be a help.
Answers
I'm pretty sure that the passwords are hashed. Username is left in plain text. Hashing != encryption.
Perhaps "encoded for storage" is a better way of wording it. I am looking at PasswordHash.php now. I am only "rejecting" your answer because I am still digging for info and if someone has more to add, I don't want them to pass over the question because it is marked answered ^^;
P.S. Thanks for the response though. It was quick.