joomla password encryption

Joomla passwords are MD5 hashed, but the passwords are salted before being hashed.They are stored in the database as {hash}:{salt} this salt is a random string 32 characters in length.

So to create a new password hash you would do md5($password.$salt)

EDIT

Okay so for checking a password, say a user myguy enters the password mypassword, you would retrieve the row from the database that has username myguy.

In this row you'll find a password say 4e9e4bcc5752d6f939aedb42408fd3aa:0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT.You split up the password hash and the salt:

$hashparts = preg_split (':' , $dbpassword);echo $hashparts[0]; //this is the hash  4e9e4bcc5752d6f939aedb42408fd3aaecho $hashparts[1]; //this is the salt  0vURRbyY8Ea0tlvnTFn7xcKpjTFyn0YT

now calculate the hash using this salt and the password myguy entered

$userhash = md5($userpassword.$hashparts[1]); // This would be 'mypassword' and the salt used in the original hash

Now if this $userhash and $hashparts[0] are identical the user has entered the correct password.

From joomla Forum, that's what happen behind:

A. Generate a passwordB. Generate a string with 32 random charactersC. Concatenate Password (Step A) and RandomString (Step B)D. Take md5(Result of Step C)E. store Step D Result : Step B Result

Example:

Generate a password - Let 'testing'Generate a string of 32 random characters - 'aNs1L5PajsIscupUskaNdPenustelsPe'Concatenate Password and random string - testingaNs1L5PajsIscupUskaNdPenustelsPemd5(Step C Result) - 5cf56p85sf15lpyf30c3fd19819p58lystore step d:step B - 5cf56p85sf15lpyf30c3fd19819p58ly:aNs1L5PajsIscupUskaNdPenustelsPe

You can find code in Joomla like

$salt = JUserHelper::genRandomPassword(32);$crypt = JUserHelper::getCryptedPassword("testing", $salt);$password = $crypt . ':' . $salt;

Or We can Say

password DB field = md5(password + salt) + ":" + salt 

Where salt is random 32 char string.

thanks

In joomla standard you can create password using the following way

                     jimport('joomla.user.helper');             $salt = JUserHelper::genRandomPassword(32);             $crypt = JUserHelper::getCryptedPassword($password_choose, $salt);             $password = $crypt.':'.$salt;

you mention that you are accessing from external file(or programs) then if you have joomla installation on other side you can access it from outside the joomla structure.

using joomla default frame work like this

define( '_JEXEC', 1 );define('JPATH_BASE', dirname(__FILE__) );//this is when we are in the rootdefine( 'DS', DIRECTORY_SEPARATOR );require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );$mainframe =& JFactory::getApplication('site');$mainframe->initialise();