vb.org Archive

Serge 06-03-2003 08:57 AM

md5 security
 
When someone uses the md5 algourim (sp?) in PHP, do they store the md5 word in the SQL database, and since it is not encodeable, when someone inputs a password they run it through md5 and then check to see if the passwords are a match? Is this how it is done? And is this how vBulletin does it?

Davey 06-03-2003 09:11 AM

Yes basically.
When you register, your password is hashed.
It can never be unhashed.
Therefore when you log in, the password you enter is hashed and if the two hashes match, it's a password match.

Dave.

PS; SP: Algorithm.

Xenon 06-03-2003 09:15 AM

as for security:
md5 is a standard hashing function, so everyone can use it, and there can already be many lexicons to get the pw from a hash, just by comparing it with hashes of a word list...

to increase security, you should modify the password string with another value beforehand to be prepared for this problem.
(vb3 does that afaik)

Dean C 06-03-2003 10:26 AM

What if you had two passwords which were the same? Would the hash be the same?

- miSt

Xenon 06-03-2003 10:45 AM

the hash of two identical passwords would always be the same if you use the same hashing function :)

but if you combine the hashing function with the userid, it would be possible to get different values ;)

Dean C 06-03-2003 10:53 AM

Hmmm does vb do the latter?

Xenon 06-03-2003 02:15 PM

i don't know exactly but IIRC nope

filburt1 06-03-2003 02:23 PM

FWIW, although hashes are not unique (i.e., two unhashed different strings can create the same MD5 hash), it's extraordinarily, incredibly unlikely that it'll happen.

vB's method:
1. Store an md5 of whatever in the database
2. To authenticate, compare md5(what the user entered on the form) to whatever.

Dean C 06-03-2003 03:22 PM

So if Bob has a password which was "lalala" and Harry had a password which was "lalala" also then they would have the same hash?

- miSt

filburt1 06-03-2003 03:26 PM

Yes.
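
An added example, not part of the thread and not vBulletin's code: it stores the thread's Bob/Harry case as plain md5(password), shows that the two rows collide and that a single pass over a word list matches both, then stores the same accounts with a random per-user salt. The salted form uses PBKDF2-HMAC-SHA256 instead of MD5, a substitution made here; the account names beyond Bob and Harry, the word list and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample data: Bob and Harry share the password from the thread.
USERS = {"Bob": "lalala", "Harry": "lalala", "Carol": "x7!qP#92mz"}
WORDLIST = ["password", "letmein", "lalala", "qwerty"]  # constructed word list
ITERATIONS = 100_000  # assumed work factor for this example


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def store_unsalted(users):
    """The scheme described in the thread: keep md5(password) per user."""
    return {name: md5_hex(pw) for name, pw in users.items()}


def shared_hashes(db):
    """Groups of accounts whose stored hash is identical."""
    groups = defaultdict(list)
    for name, digest in db.items():
        groups[digest].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def audit_against_wordlist(db, words):
    """Accounts whose stored hash equals the md5 of a listed word."""
    table = {md5_hex(w): w for w in words}  # hashed once, reused for every row
    return {name: table[d] for name, d in db.items() if d in table}


def store_salted(users):
    """Hardened form: random per-user salt plus a slow key-derivation function."""
    db = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        db[name] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS))
    return db


def verify_salted(db, name, candidate):
    salt, stored = db[name]
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(stored, attempt)  # constant-time comparison
```

Because each salt is random, Bob's and Harry's stored values differ even though their passwords match, and a table of precomputed word-list hashes no longer applies to any row.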


All times are GMT.
