View Full Version : vBulletin encrypted passwords
Osterling
12-04-2006, 11:32 PM
How does php encrypt the passwords? For instance, on a site I am building I use sha1() to encrypt the passwords.
akanevsky
12-04-2006, 11:49 PM
How does php encrypt the passwords? For instance, on a site I am building I use sha1() to encrypt the passwords.
vBulletin uses md5() to encrypt the passwords.
Osterling
12-05-2006, 12:08 AM
So if instead on my register script, I use md5() to encrypt users passwords, a user who registers using my script will be able to login to my vbulletin forum using the same username and password?
Paul M
12-05-2006, 12:33 AM
No, it doesn't just hash the password, there is a random "salt" used as well.
Osterling
12-05-2006, 01:22 AM
Okay.. well, I have a site that already has a member system and my objective is to make it so users need not to register two accounts and login twice. If I change my encryption to md5(), what else do I need to do? I am not familiar with salt.
Dismounted
12-05-2006, 03:25 AM
This is how vBulletin encrypts passwords:
String (eg. test)
MD5 The String (098f6bcd4621d373cade4e832627b4f6)
Add Salt to End of the Hash (If salt is 1234 then the result would be 098f6bcd4621d373cade4e832627b4f61234)
MD5 The String w/ Hash (260cac331a7b9d4416cd11146d39b33d)
That's how I remember it, feel free to correct me. The salt is a random string determined at registration. It is located in the table "user" in a field called "salt".
vBulletin does not encrypt passwords! :)
Encryption is the process of storing the orginal data in such a way that a cypher can later decrypt the information so it can be used in it's orignal form. Encryption is something that you would only use in a case where you needed to share certain information with a group of people without having that information getting to people outside of that group.
What vBulletin uses for passwords is called a hash function, which is nothing like encryption. You can not get the orginal data from something that was ran through a hash function. Instead you take new input from the user (the password) and run it through the hash function, then you attempt to match the output from the new user input with older user input that is stored in another location. If both hashes match then the user has provided the correct input and will be allowed to log-in, if not the input he provided is wrong and you deny his log-in.
You see encryption is rather useless when it comes to passwords because the user should already know his password.
vBulletin® v3.8.12 by vBS, Copyright ©2000-2025, vBulletin Solutions Inc.