vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Trying to Understand SALT and the New Password system (https://vborg.vbsupport.ru/showthread.php?t=62703)

ManagerJosh 03-20-2004 05:55 PM
Trying to Understand SALT and the New Password system
 
Okay I'm trying to integrate vBulletin with another php app right now and it uses a traditional MD5 hash.

But I'm really confused on what's going on here because I see evidence of double MD5 and single MD5 with salts.

Could someone explain to me what's going on and what's happened? I understand the general concept of salt and that's to randomize the password even further.

Any information would be nice... (and some directions on pointing me to the right direction would be nice as well :) )

Xenon 03-20-2004 06:01 PM
hmm, the easy way to explain:

$password -> the real password
md5($password) -> password in vb2
md5(md5($password) . 'licensenr') -> password in vb3

this is to make all hashe differ on different boards, so even if the real password is identical, the hashes on two different boards aren't

ManagerJosh 03-20-2004 06:10 PM
Quote:
Originally Posted by Xenon
hmm, the easy way to explain:

$password -> the real password
md5($password) -> password in vb2
md5(md5($password) . 'licensenr') -> password in vb3

this is to make all hashe differ on different boards, so even if the real password is identical, the hashes on two different boards aren't
so if I just took this..

PHP Code:
$hashedpassword md5($_POST['password_md5']); 
it would give me the exact same MD5 hash as in vB2.x?

Xenon 03-20-2004 06:13 PM
nope, $_POST['password_md5'] is already md5'ed (AFAIK) and therefore it already contains the vb2 pw hash

ManagerJosh 03-20-2004 06:26 PM
Quote:
Originally Posted by Xenon
nope, $_POST['password_md5'] is already md5'ed (AFAIK) and therefore it already contains the vb2 pw hash
How confident are you that $_POST['password_md5'] is already MD5ed?

Xenon 03-20-2004 09:39 PM
i'm 99% sure as the _md5 tells me, it is alreay md5ed ;)

but as the md5ed value is done per JS, you might think of those user which doesn't have JS enabled

ManagerJosh 03-20-2004 10:04 PM
I'm trying to make sure these are the variables I think they are...

In profile.php,

is:

$currentpassword_md5
$newpassword_md5

the equalvent of text md5 hashed already too??

Xenon 03-20-2004 10:12 PM
yes, _md5 means it has been md5ed one times :)

ManagerJosh 03-20-2004 11:30 PM
Quote:
Originally Posted by Xenon
yes, _md5 means it has been md5ed one times :)
Thanks for taking the time out of your schedule to answer my questions Stefan :D

Link14716 03-20-2004 11:39 PM
Quote:
Originally Posted by ManagerJosh
Thanks for taking the time out of your schedule to answer my questions Stefan :D
In vB 2.0.x and below, passwords were stored as $password.

In vB 2.2.0 through 2.3.4, passwords were stored as md5($password).

In vB3, passwords are stored two sperate ways. In the database, passwords are store as md5(md5($password) . $salt)) In cookies, I believe they are stored as md5(md5(md5($password) . $salt) . $licensenumber))), although I'm not quite sure on that.


All times are GMT. The time now is 10:00 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01055 seconds
  • Memory Usage 1,738KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete