Thread:Project:Support desk/How query to show user according user password from user table of mediawiki database/reply

Hi!

According to Manual:User_table user passwords are no longer encoded in the way you think. md5 hashes are insecure and can be broken easily. MediaWiki uses a more secure algorithm, which e.g. avoids reconstructing the password in any way. Salted hashes are the keyword here. If e.g. based on RSA authentication, it is impossible to reconstruct the password within a reasonable timeframe. This is not (only) a security measure against admins, but more against data theft in general: Should your database with the encoded user passwords get lost and/or be stolen, then the thief has to decode each single password on it's own, which is more complex to do with salted RSA keys than with md5 hashes and - since salts are used - the same password each time gives a different string in the DB. So even if two users use the same password, they would still have a different one inside the DB, so that even if one of them got hacked, it only gives access to this one user and not to all, who use the same password.

Long answer short: It is intended that what you are trying to do is not possible.