The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
Trying to Understand SALT and the New Password system
Okay I'm trying to integrate vBulletin with another php app right now and it uses a traditional MD5 hash.
But I'm really confused on what's going on here because I see evidence of double MD5 and single MD5 with salts. Could someone explain to me what's going on and what's happened? I understand the general concept of salt and that's to randomize the password even further. Any information would be nice... (and some directions on pointing me to the right direction would be nice as well ) |
#2
|
||||
|
||||
hmm, the easy way to explain:
$password -> the real password md5($password) -> password in vb2 md5(md5($password) . 'licensenr') -> password in vb3 this is to make all hashe differ on different boards, so even if the real password is identical, the hashes on two different boards aren't |
#3
|
||||
|
||||
Quote:
PHP Code:
|
#4
|
||||
|
||||
nope, $_POST['password_md5'] is already md5'ed (AFAIK) and therefore it already contains the vb2 pw hash
|
#5
|
||||
|
||||
Quote:
|
#6
|
||||
|
||||
i'm 99% sure as the _md5 tells me, it is alreay md5ed
but as the md5ed value is done per JS, you might think of those user which doesn't have JS enabled |
#7
|
||||
|
||||
I'm trying to make sure these are the variables I think they are...
In profile.php, is: $currentpassword_md5 $newpassword_md5 the equalvent of text md5 hashed already too?? |
#8
|
||||
|
||||
yes, _md5 means it has been md5ed one times
|
#9
|
||||
|
||||
Quote:
|
#10
|
||||
|
||||
Quote:
In vB 2.2.0 through 2.3.4, passwords were stored as md5($password). In vB3, passwords are stored two sperate ways. In the database, passwords are store as md5(md5($password) . $salt)) In cookies, I believe they are stored as md5(md5(md5($password) . $salt) . $licensenumber))), although I'm not quite sure on that. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|