Question

how can I see users' passwords?

Comments

They are encrypted with B-crypt.You can't decrypt them.

Answer 1

No, passwords are encrypted in MD5

Comments

That is incorrect. If you check qa-include/db/users.php (in the function qa_db_user_set_password(), line 209) you'll see that the bcrypt algorithm is used for hashing the password before storing it in the database.

---

As a side-note: passwords are hashed, not encrypted. The difference is that encryption is reversible (you can decrypt the ciphertext with the encryption key) while hashing is not (hash functions are one-way functions).

Answer 2

Find the encrypted MD5 hash in the database and decrypt with https://www.md5online.org/md5-decrypt.html

IMO password hashes should not be MD5 in 2020, when there is SHA

Comments

Thankfully, Q2A already uses bcrypt, so all is well.

---

Yeah..You are right!!!

Answer 3

You can’t. Passwords are hashed using a one-way hashing function, bcrypt (via PHP’s password_hash function). The whole point is exactly so that you can’t get the passwords (if your server/database was hacked for example).

You don’t say exactly why you want to see their passwords but if a user has forgotten their password they can reset it. If that’s a problem for some reason you can generate a bcrypt hash using a known password and put that hash into the appropriate database field.