vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   salt, what is it? (https://vborg.vbsupport.ru/showthread.php?t=56060)

ap0c 08-10-2003 02:32 AM
salt, what is it?
 
In the vb3user field, what does salt char(3) represent? :confused:

MaDCaT75 08-10-2003 02:49 AM
pepper?

Link14716 08-10-2003 03:08 AM
Salt is NaCl...

Whoops, wrong salt? Salt is a few screwed up characters that are used for the password hash to make it more secure. I think it's something like

md5(md5($password) + md5($salt))

Erwin 08-10-2003 08:01 AM
It's an additional level of encryption that makes it virtually impossible to reverse an md5 encrypted password.

N9ne 08-10-2003 01:19 PM
I believe there's even more to it than that, I think they mix in the userid too?

ap0c 08-10-2003 01:29 PM
ok, thanks

Link14716 08-10-2003 10:12 PM
Quote:
Today at 10:19 AM N9ne said this in Post #5
I believe there's even more to it than that, I think they mix in the userid too?

Actually, I was slightly wrong.

PHP Code:
if ($bbuserinfo['password'] != md5(md5($password) . $bbuserinfo['salt']) AND $bbuserinfo['password'] != md5($md5password $bbuserinfo['salt'])) 
Close enough, but the salt is only md5's once while the password is md5'd by itself and then again with the salt. :)

N9ne 08-10-2003 11:41 PM
Hmm in functions_newpost.php or something I saw some weird line of a loada md5'ing going on including some other stuff :confused:

Looks like they really kept security in mind when making vB3 :eek:

pie 08-10-2003 11:53 PM
maybe the md5 thing there was for the login on making new posts?

NTLDR 08-10-2003 11:55 PM
Its the posthash I expect, which is used for attachments amongst other things I suspect.

ap0c 08-11-2003 01:26 AM
not entirely on the subject, but is there an easy query to add a vb3phrase instead of using the phrase manager?
I dont like that thing.

Link14716 08-11-2003 02:26 AM
Even if you use phpMyAdmin or a query, you'd still have to edit a phrase using the phrase manager to update its cache.

Freddie Bingham 08-11-2003 04:19 AM
The md5() stuff in functions_newpost.php is just used to make sure you don't double post. It is more robust than using the old query that would compare the post text, title, etc against entries in the database.


All times are GMT. The time now is 07:16 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01326 seconds
  • Memory Usage 1,734KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (13)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete