Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
0 votes
838 views
in Themes by
by
+1
They are encrypted with B-crypt.You can't decrypt them.

3 Answers

–1 vote
by
No, passwords are encrypted in MD5
by
+1
That is incorrect. If you check qa-include/db/users.php (in the function qa_db_user_set_password(), line 209) you'll see that the bcrypt algorithm is used for hashing the password before storing it in the database.
by
+1
As a side-note: passwords are hashed, not encrypted. The difference is that encryption is reversible (you can decrypt the ciphertext with the encryption key) while hashing is not (hash functions are one-way functions).
–1 vote
by

Find the encrypted MD5 hash in the database and decrypt with https://www.md5online.org/md5-decrypt.html

IMO password hashes should not be MD5 in 2020, when there is SHA

by
Thankfully, Q2A already uses bcrypt, so all is well.
by
Yeah..You are right!!!
+5 votes
by
You can’t. Passwords are hashed using a one-way hashing function, bcrypt (via PHP’s password_hash function). The whole point is exactly so that you can’t get the passwords (if your server/database was hacked for example).

You don’t say exactly why you want to see their passwords but if a user has forgotten their password they can reset it. If that’s a problem for some reason you can generate a bcrypt hash using a known password and put that hash into the appropriate database field.
...