Customer password migration from WordPress to PrestaShop

[Es Club Shop]

Hello,

I would like to move a web shop from WordPress to PrestaShop. I need to save the customer passwords. Is it possible? If yes, how?

[selectshop.at]

Better you use a cart migration service in this case. https://www.shopping-cart-migration.com/

 

For to import encrypted passwords via csv, you first need to decrypt all the passwords in a readable text, than import them via csv to your database. If your database is using salt, than you need to decrypt them not only with a sha decrypter tool, but also with a salt and sha decrypter. I don't know any which really works. Salt encryption is a random encryption, very difficult to decrypt.

[Es Club Shop]

Hello,

Thank you for the information. I do not want to use Cart2Cart. I prefer to do everything by hands. Is it the only one variant to move the customer passwords? And I want to move the old orders in the customer profile. Did anyone do that before?

[selectshop.at]

Hello,

Is it the only one variant to move the customer passwords?

Yes, it is the only way, cause wordpress encrypt the passwords and Prestashop encrypt them as well, therefor you need to decrypt them, so that Prestashop encrypt the blank text again into Prestashop encryption mode. If you use hashes, so Prestashop wil encrypt the hashes, which are not readable, i.e. which are not the real passwords, and they will not work.

[Es Club Shop]

Ok. I will try and see how is it. Thank you again!

[DataKick]

Ok. I will try and see how is it. Thank you again!

 

Don't even try it. The passwords in wordpress are not encrypted, they are hashed. (the same applies to prestashop) That means that there is no other way to get plain text password other than brute force.

 

A password with length 8, based on alhpanumeric + special characters, has 1127875251287708 combinations. If password is encrypted using md5 (wordpress default), it which could take up to 4 years to crack.

 

If user used 9 characters in a password, the encryption would take about quarter of a millenium.

 

it's just not possible to decrypt all the passwords. 

[selectshop.at]

@ DataKick. what is hashed ? Is a cryptographic function and as well part of encryption standard.https://en.wikipedia.org/wiki/Secure_Hash_Algorithms

As told before, if also salt is used than decryption would be difficult, but not impossible.

 

Generally speaking,decryption is not possible. SHA is a cryptographic hash function, so the intention of the design was to avoid what you are trying to do. BUT

you cannot say that it is impossible at all (only in our world with limited resources it is). If you have a simple SHA1 hash, you could decrypt it if you guess what has been encrypted. But this is of course not efficient.

[DataKick]

@ DataKick. what is hashed ? Is a cryptographic function and as well part of encryption standard.https://en.wikipedia...Hash_Algorithms

As told before, if also salt is used than decryption would be difficult, but not impossible.

 

SHA stands for Secure Hash Algorithm. Hash means it's a hash, not an encryption algorithm. Therefore there's no decryption method. The only way to get original password is to use brute force, and that could take thousands of years, depending on password length, used characters etc. The salt does not add any more difficulty here since we know it's value. If we didn't know the salt value than we would be really screwed.   

 

Moreover, hash algorithms tends to collide -> there can be many input plaintexts that results with the same hash. So, even if you find (some) plaintext by brute force, it doesn't mean you have found the original password. You probably did, but there's no guarantee.  

 

Also, wordpress by default uses md5 hash, not sha. But that doesn't matter at all. It's still a hashing algorithm. 

 

@Es Club Shop - if you want to keep your passwords, instead of going this nonsense  brute force route, just hire a developer to change prestashop's authentication mechanism according to wordpress.