Rebuild passwords

We’re planning to import a database to our system, but we only have crypted passwords in the database, we don’t know the actual passwords. I do know how the passwords are generated (and with what hashes). Is it possible to import the passwords in our system?

New system:
generated as: md5(md5($password).“HK9”)

Old system:
md5($password . “1440d609”)

$password is unknown

How can I generate a encrypted password from the old system that matches the encrypted password from the new system that would generate the perticular password.

I’m guessing you realized it served no benefit to double up on the MD5.
But from my knowledge, there is no way to ‘convert’ it, due to the way encryption works. Every character is different (with the HK9 string) and will be different with the 1440d609 key.

What is really biting you is the doubled MD5.

But how is it possible that vBulletin(.com) can import users from other systems when there’s acces to both databases?

By the way: I also know the generated passwords

I’m assuming you mean the the vBulletin Forum Software itself is capable of importing, lets say, users from PHPbb or a pre-existing membership software.

If that’s the case, then they may be using two tables that ‘map’ to the other. I could explain the theory if needed, but in short. They would have two tables, my_members and vb_members

my_members = uname, upass
vb_members = vbname, vbpass (Or whatever it is)

Then in their login and forum code, they would simply ignore the my_members ‘upass’ and would use their own ‘vbpass’. And whenever a change is made, the system would of course, update all related tables, assuming it also knows the names of the fields.

Basically, you keep track of which usernames used which hash alg.

WHERE user = '$user'
  AND (
      (hash_alg = 'old' AND passwd = '$old_style_hash')
      (hash_alg = 'new' AND passwd = '$new_style_hash')

That means I have to rewrite the code. We’re using vBulletin core. I know they also have importing scripts, so it should be possible to convert the passwords

But I’m actually using vBulletin and they donnot store the old hash or encrypted password

You can’t. The passwords are not encrypted, they are hashed. When you hash, you throw away information, so it is theoretically impossible to go back.