Importing users with MD5 salted passwords

Hi all,

I am trying to import users (customers) from another e-commerce solution into CS-Cart Ulitmate. Most of the data is ok, but I am struggeling with the passwords. The passwords are MD5 encrypted (I think) and I got the hash and the salt in excel. I am a little uncertain how to proceed. I assume I have to desalt the passwords and import them “unsalted” into CS-Cart?

Have anyone done this before?

  • Joachim

Why don't you just inform existing customers to request a password reset ? might save you a world of pain.

md5 does not use a hash nor a salt. So if you're having to provide these, then your passwords are probably blowfish (or other) encrypted versus md5.

But @kickoff3pm is right/

Many systems use md5 salted hash. vbulletin forum for example:

Try gain something for your misfortune…

“New Site - Lots of New Features - Sorry your password will need reset, log-in here to reset your password and receive (X BONUS/DISCOUNT) for the inconvenience caused”

Something along those lines, a quick and easy newsletter e-mail to all customers and hopefully get returning customers.

That's simply md5 encoding and md5 encoded value (double call to md5()).

Cs-cart does only uses a single call to md5. I.e. md5(“password”).

Thanks for your replies. Yes I think I will go for an e-mail to existing customers explaining a little bit about the new website and that they must reset their password. :)