vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Passwords in plaintext for user migration (https://vborg.vbsupport.ru/showthread.php?t=317647)

Exeter 03-06-2015 03:29 AM
Passwords in plaintext for user migration
 
Is there an easy way to get the passwords in plaintext out of the database of my VB4 install? I have DB access, obviously.

I am migrating to a custom login api. I need to get the passwords in plaintext, so I can re-encrypt them and insert them into the new system.

Is there any documentation for the VB4 login system?

--------------- Added [DATE]1425620464[/DATE] at [TIME]1425620464[/TIME] ---------------

Looks like my choices are to either use VB's algorithm along with the existing passwords in my new design, or ask the users to specify a new password when they log in.

ForceHSS 03-06-2015 04:10 AM
Why not just upload them as they are into the new table

Exeter 03-06-2015 05:55 AM
I'd have to use the exact same algorithm to encode and store the passwords in the DB. That's not necessarily a bad thing, but it limits my options in the new code.

ForceHSS 03-06-2015 08:56 AM
The new system you are going to be using how does it differ from the old one? Is the tables different in any way

Dave 03-06-2015 10:55 AM
What is the point of hashing passwords when you can just "de-crypt" them back to plain-text?
No, that's not possible.

You have 2 options:
- You clone the password hashing function of vBulletin and additionally add your own hashing function on top of vBulletin.
- You use your own password hashing and reset the password of everyone

thetechgenius 03-06-2015 07:19 PM
Like other people said, its impossible to de-hash/de-crypt an already encrypted vbulletin password. If this was easily possible, it would be a very major security issue in the vBulletin Software. When a hacker gain access to a server that running your forum, the first place he goes is MySQL to download a copy of your entire forum database. The hacker then has all Emails and Encrypted Passwords of your forum.

If it was possible to decrypt the passwords easily, most of those email accounts will also be hacked. Not including Facebook Accounts, Twitter, and the list goes on. Because a lot of people use the same password and email for everything in their life.


All times are GMT. The time now is 07:10 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02454 seconds
  • Memory Usage 1,715KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (6)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete