how to hash passwords in phpmyadmin with bcrypt config - mysql

I need some help figuring out how to solve this, here's the thing:
I have imported a list of users from a csv file in my database, however, I want to create some new passwords for all of them using bcrypt, since I'm using laravel and I use bcrypt to store passwords when I create or update a password value from there. So, I don't know if there's any possibility to make a SQL query to hash them all, create a script, or hash them one by one. I'm kinda new to using advanced phpmyadmin functions. All help will be very appreciated.
Thanks in advance

use this function to hash your password

Related

Is there a way to convert sha256 to md5 hashing

I'm trying to import users credentials from one database schema to another one without users needing to create a new password, So first user table (the one I need to import to the new site) uses sha256+salt(I think) and my new site is using md5+salt (I think) I have access to all files and stuff so I could locate the salt that's being used if I can somehow reverse engineer the sha256 to make it md5?
Is there a way to do this? if so how would I approach it?
an example of the password would be:
old site: e3e922af8a36de975983b075b3bf5336bbb26c8008aa5d9b39aef8d85cb7eb32
new site: $S$Dbj.yBTjHV97QNLHwuoykWxzpNL9bxxFl4b8uoP1u1rJzCyDZb.e
I'll appreciate any input, Thank you!
Update: new site uses base64encode + salt which I know what is, just to be clear I'm not trying to actually be able to see their password in plain text, Can I convert sha256 -> base64encode with some mysql commands or something if I know the salt?
Unless you're prepared to crack their password, no, you can't convert as SHA2-256 hash to an MD5 one. You need to know the content that generated the hash in the first place.
When migrating from one hashing type to another the best plan is to normalize all your password hashes into a consistent form first and the Modular Crypt Format is the most widely supported.
If you can wrangle your old hashes into that form then you should be able to use them with password_verify. You can also update user passwords as they log-in by re-writing them with password_hash which uses Bcrypt by default.
Over time you can stomp out old SHA2-256 and MD5 passwords and limit your exposure.

How to implement PASSWORD() method in MySQL and MySQL Workbench

Can someone explain with a simple code how I can use password() method to take 4 digit integer pin from a user and save it in database in a Password format.
PS: I know its not a good mechanism to store password without hashing and salting, but at the moment I have to use Password() method only.
So please give me a working understanding how I can store passwords using the above method in MYSQL Workbench.

How can I find the phpmyadmin SQL password encryption type?

I am very sorry if this has been answered before, but I have searched for 2 days and cannot find the answer. I have 2 databases and I need to import users from the current database to a new one. The new database is for a chat system that has recently bee installed and I would like all users to be added to it.
So I thought I would simply manually add the users in the new database using information from phpmyadmin. But the encryption for the password is a different format and will not work.
For example in the first database the encryption is:
z70I9QINffX2Hh7FxQ==
In the second database the format is:
3eb5c61f784aa3c2e11d879382387d420f7c4ebf
Neither seem to be MD5 and I can't find out which type it is.
I know this is a stretch but does anyone know of a way to detect the type of encryption and how I can take a password, such as 'password' and encrypt it using the correct encryption type?
Thank you
You could try using a generic password for the root user, or logging into mysql as the root user & creating another user manually. Not sure what kind of access you have, but that's been the best bet in my experience.
Hope it helps.
The password encryption mechanism would be stored in the application's code. The 1st example looks like Base64 but can't be sure without comparing others. The 2nd example appears to be SHA1/MySQL5 Sha1(Sha1(pass)).
You're going to have to research the apps that are using these databases and to determine how it's creating and storing these account passwords in the database. Either way, you are trying to link 2-dbs that have different password mechanisms, that might require standardization of the passwords which might mean a password resets.
There is a harder way, you have a database of one-way hashed passwords. It will require a bit of focus in scripting... You would have to generate hashes for the cryptographic hashes used and compare to your users passwords to get the plaintext password. Then you recreate their accounts in the new DB using their passwords to create the new user with same credentials.

How to decrypt SQL passwords?

I add encryped password using this command:
insert into users values ("new#emal.com",ENCRYPT("password"));
Now I have encrypted passwords in that table. Is it possible to decrypt them and if yes how? What kind of algorithm is this?
Somebody hacked something on my server and is sending mails. It looks like that the password of some old accounts was guessed. So I am trying to find out what password I had there (just changed it). So I can see what password I should stop using.
The ENCRYPT() function doesn't work on MySQL running on Windows.
On Unix-style servers it uses the crypt(3) function. This performs a one-way encryption of the text you pass it.
This is not, repeat not, a secure way to store user passwords any more. If you use this on a network-accessible web site, a cybercriminal is almost certain to pwn your users. Please read this for advice: http://php.net/manual/en/faq.passwords.php

How to sign data in MySQL database revision safe (trusted timestamping)?

I am currently planning a project in which revision safety of the database data is important. This means: we want to be able to proof that the data in the database was not tempered with since it was imported - no user changed the value, no db admin logged into the database and changed it.
What is the best way to achieve this?
Till now, I like the idea of signing the database row best: I create a MD5 hash of all the fields in the row, then send it to a timestamping signing server (have a look on wikipedia) and store the created signature with the row. From this time on, we can prove that no one changed the row since this stamp was created.
Any better ideas? And, if you like the idea as much as I do, what timestamp server should I use and how can I access it? The Verisign Timestamp Server seems to be used a lot, but I could not find any documentation on how to use it "raw", e.g. without the Microsoft code signer tools etc.
Thank you!
Time stamp servers are usually not free-to-use.
Alternatively you may use an HMAC-MD5 (or HMAC-SHA1) instead and use a password that is only known to the authorized user. The password is of course not directly used, better via PKCS#5 or at least hashed with a seed. Without the password noone can verify or recreate the HMAC-MD5