Replication of xcart blowfish algorithm

Question

Let me rephrase what I'm trying to do below. I have a password that has been encrypted by blowfish algorithm in x-cart saved in the database as 67mklmkl5470dflmgrs for example.

I have the blowfish key from my x-cart installation and an encrypted password. Simply I want to find out what this password is as the user inputs it. Is there a function to insert this info and get the original password out?

Can someone guide me on how to do that, please? Thanks.

...Edited to refine my requirements on 4th July

---

I have an issue where I am copying login information from one database to another database. I am exporting username and hashed password from xcart into a username and password field in the new database table so that users who have already signed up in my xcart site will automatically have an account on this new site.

I want to use the same hashing algorithm that xcart uses for anyone who creates a new account on my new site and obviously in the new site's log in process so that the value of the passwords hold true.

Does that make sense?

Can anyone explain how I could replicate my xcart hashing?

Thanks. DS

Answer 1

Assuming you copy everything from the table in the first site to the new table in the new site as is and implement the same algorithm, you should be OK. Note however that blowfish is a keyed, symmetric block cipher, and not ahashing algorithm. This means that you must be using some key to encrypt the password, which would make the entire set of passwords recoverable would the key be stolen. I would advise using a hashing algorithm such as SHA512 so as to ensure the passwords will never be readable. To be able to move to the new scheme without disturbance to the users, you can decrypt the passwords using the key in your possession then hash them and use hashing from then on in lieu of symmetric encryption.