View Full Version : How does vBulletin encrypt passwords?
HabboHut
10-28-2007, 04:00 AM
I'm mucking around with AJAX at the moment, and want to make a quick register tool. Only thing is, I don't know how vB encrypts passwords. I'm assuming it would be using MD5, but I don't know if salts are involved >_> Any light shed on this mystery would be helpful!
Thanks! :)
Adrian Schneider
10-28-2007, 04:10 AM
The password would be represented like this in MySQL: md5(concat(md5('password'), user.salt);
HabboHut
10-28-2007, 04:12 AM
Ah, thought there might be a salt involved... Trouble is, where is it defined?
Adrian Schneider
10-28-2007, 04:13 AM
user table, salt column
Chris M
10-28-2007, 04:14 AM
Each user has their own individual salt - This is created when they register and is stored in the user table in the database :)
Chris
HabboHut
10-28-2007, 04:15 AM
Oh ok! So, if I first generate a random string (an equal length to the normal salt), apply it to the MD5 function, and then insert both the password and the generated salt into the database, will everything work ok?
Michael Morris
10-28-2007, 04:52 AM
Client side you simply md5 it. Salting is applied server side. If you are replacing the vb registration routine the formula is
md5(md5(originalPasswordString) + salt)
That's what is stored in the database, along with the salt.
Marco van Herwaarden
10-28-2007, 11:59 AM
Just use the DataManager to create the user. Salt will be created automatically.
vBulletin® v3.8.12 by vBS, Copyright ©2000-2024, vBulletin Solutions Inc.