vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   MD5 and Salt (https://vborg.vbsupport.ru/showthread.php?t=81728)

JayJay 05-19-2005 01:27 PM
MD5 and Salt
 
Is there any way to change the current salt to something different? And if so, how would I go about doing this?

Would I need to change the following in functions_user.php:

Code:
// ###################### Start makesalt #######################
// generates a totally random string of $length chars
function fetch_user_salt($length = 3)
{
        $salt = '';
        for ($i = 0; $i < $length; $i++)
        {
                $salt .= chr(rand(32, 126));
        }
        return $salt;
}

Marco van Herwaarden 05-19-2005 01:43 PM
The salt is randomly generated for each user and stored in teh user table. Why you would want to change that?

Zero Tolerance 05-19-2005 01:58 PM
Well, if you wanted you could change it, if you wanted to change the length, change:
Code:
$length = 3
to your number, like: $length = 5.

If you wanted to change the characters contained within the salt, then change this line:
Code:
                $salt .= chr(rand(32, 126));
I don't really recommend changing anything though, i see no reason as to why it would needed to be changed.

- Zero Tolerance

Colin F 05-19-2005 02:17 PM
I'm not sure if your users wouldn't have to reset their password if you change the salt though...

Zachery 05-19-2005 02:31 PM
Quote:
Originally Posted by Colin F
I'm not sure if your users wouldn't have to reset their password if you change the salt though...
Should be fine, salt is only generated on register or password change, it shouldn't matter in the long run..

Colin F 05-19-2005 03:21 PM
Quote:
Originally Posted by Zachery
Should be fine, salt is only generated on register or password change, it shouldn't matter in the long run..
sure, but isn't the encrypted passsword in the database md5'd with salt?

If so, and you change the salt of a user, it wouldn't be able to match up the passwords, I'd think.

Zero Tolerance 05-19-2005 09:57 PM
Quote:
Originally Posted by Colin F
sure, but isn't the encrypted passsword in the database md5'd with salt?

If so, and you change the salt of a user, it wouldn't be able to match up the passwords, I'd think.
Yeah changing the users salt would mess things up, however changing that (the above code) would only affect new registered users.

- Zero Tolerance

Zachery 05-19-2005 10:04 PM
Quote:
Originally Posted by Colin F
sure, but isn't the encrypted passsword in the database md5'd with salt?

If so, and you change the salt of a user, it wouldn't be able to match up the passwords, I'd think.
Like ZT said.

AN-net 05-19-2005 10:47 PM
so everytime a password is reset or changed the salt is changed?

Zachery 05-19-2005 10:50 PM
Quote:
Originally Posted by AN-net
so everytime a password is reset or changed the salt is changed?
Hmm Not sure actually, take a look at the function I think it only counts for new salts.

Paul M 05-20-2005 12:41 AM
Quote:
Originally Posted by AN-net
so everytime a password is reset or changed the salt is changed?
Nope - it's created when you register, and that's it.

AN-net 05-20-2005 02:05 AM
k, kool;)


All times are GMT. The time now is 01:14 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01110 seconds
  • Memory Usage 1,737KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_code_printable
  • (6)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (12)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete