Dizkus

Hi all.

A project that I am currently tied to is using both PostNuke and Java (specifically JXTA and JDBC) together. The problem that I am encountering at the moment is which modules in PostNuke handles password authentication and the encryption process used.

I have seen some of the source modules where it appears to be using MD5 encryption of user passwords; in other moduels, I've seen Mersenne Twister algorithm being used. When a user registers as a PostNuke user, is his password encrypted in MD5, is his password encrypted using the mt_rand() function in PHP, a combination of the two, etc? Which modules should I be looking into in order to configure a verification process that will work like the PostNuke password comparison/validation mechanism? After encrypting the password through PostNuke, does MySQL turn around and encrypt the ciphertext from PostNuke as well (what I mean is, the users plaintext ---> MD5 or mt_rand() ciphertext ----> crypt3() ciphertext)?

I'm sure this is a pretty odd question to be asking here. Any help, though, would be much appreciated since it's been close to two weeks now with no breakthrough at all.