vb.org Archive


RDX1 01-13-2004 07:02 PM

Duplicate users/passwords?
 
Would anyone be interested in writing a hack for finding duplicate users?

There was a hack written for this by checking the IPs and the passwords, and if two users matched it would show it.

Zachery 01-13-2004 08:38 PM

Quote:

Originally Posted by NerdNations
Would anyone be interested in writing a hack for finding duplicate users?

There was a hack written for this by checking the IPs and the passwords, and if two users matched it would show it.

It wouldn't be a hack so much as a serious security issue >.< Removing the md5+salts would be the only way to check identical passwords, I believe.

okrogius 01-13-2004 09:21 PM

Hashing can remain with the same password checking, but unique user salts would indeed have to go.

Zachery 01-13-2004 09:33 PM

Quote:

Originally Posted by okrogius
Hashing can remain with the same password checking, but salts would indeed have to go.

Which brings up security issues.

Now anyone who got the md5 from one site could use it on another vB with the same modification made,

thus creating an insecure system...

okrogius 01-13-2004 10:24 PM

Quote:

Originally Posted by Faranth
Which brings up security issues.

Now anyone who got the md5 from one site could use it on another vB with the same modification made,

thus creating an insecure system...

There are no security issues created just by storing passwords even in plain text provided the server(s) is(/are) secured well, and the people who have access to the database are responsible. Granted, that will probably not be the ideal approach in most scenarios, by no way is it just insecure for that.

Whether or not these two (see first sentence) can be applied to a typical vb user, noting especially how many vbulletins run on shared hosting, that is a whole different story. Do you want to remove an extra safety net in case your well-versed technical co-admin places a db backup somewhere without any security (another random example why hashes are there, but note that it does not make not hashing any less secure, it's just significantly harder to "screw up" if the passwords are hashed)?

RDX1 01-13-2004 10:44 PM

I'm not asking to see the actual passwords, just the md5 hashes, so if the user has the same IP and the same password I can assume it is a double user.

There was a hack made before for vb2; all I'm asking for is a vb3 version.

RDX1 01-13-2004 10:49 PM

https://vborg.vbsupport.ru/showthread.php?t=36269

NTLDR 01-13-2004 10:51 PM

We know that ;) However, the probability of two users with the same password actually having the same password hash (due to the salt system) is rather slim. This is where the difficulty lies.

RDX1 01-14-2004 12:37 AM

What's Salt?

And if it can't be done, then just the same IP would be fine.

Zachery 01-14-2004 03:03 PM

Quote:

Originally Posted by NerdNations
What's Salt?

And if it can't be done, then just the same IP would be fine.

The salt is what is generated to double encrypt the user's password.

md5+salt+password and each salt is random
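The point the replies make, as an added example (not code from vBulletin or from any poster in this thread): with a random per-user salt, two accounts that share a password store different hashes, so hash comparison finds no duplicates and only the IP match requested at the end still works. The `md5(md5(password) + salt)` construction, the salt length and the sample accounts are assumptions made for the illustration.

```python
import hashlib
import os
from collections import defaultdict

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def unsalted_hash(password: str) -> str:
    return md5_hex(password)

def salted_hash(password: str, salt: str) -> str:
    # Assumed construction for illustration: md5(md5(password) + salt)
    return md5_hex(md5_hex(password) + salt)

# Constructed sample accounts: (username, registration IP, password)
SAMPLE = [
    ("alice", "203.0.113.7", "hunter2"),
    ("alice_alt", "203.0.113.7", "hunter2"),
    ("bob", "198.51.100.4", "hunter2"),
    ("carol", "198.51.100.9", "tr0ub4dor"),
]

def build_rows(accounts):
    """Store each account the way a user table would: hashes only."""
    rows = []
    for user, ip, password in accounts:
        salt = os.urandom(16).hex()  # random per-user salt (length assumed)
        rows.append({"user": user, "ip": ip, "salt": salt,
                     "unsalted": unsalted_hash(password),
                     "salted": salted_hash(password, salt)})
    return rows

def duplicates(rows, *columns):
    """Group users whose values match on every given column."""
    groups = defaultdict(list)
    for row in rows:
        groups[tuple(row[c] for c in columns)].append(row["user"])
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    rows = build_rows(SAMPLE)
    print("unsalted hash only :", duplicates(rows, "unsalted"))
    print("ip + unsalted hash :", duplicates(rows, "ip", "unsalted"))
    print("ip + salted hash   :", duplicates(rows, "ip", "salted"))
    print("ip only            :", duplicates(rows, "ip"))
```

The unsalted column also groups bob, an unrelated account on another IP, with the two alice accounts: equal passwords give equal hashes everywhere, which is the property the replies object to losing the salt for.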

