The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
How 2 encode & display password ?
How 2 encode password from data ?
And how 2 display members password in user manager ? Can u help me answer ? |
#2
|
||||
|
||||
the password is saved as an md5 with salt added to the password.
you cant undo this process, only re-encyrpt when a user submits it, and then compares to the saved version to see if they match. this is a security feature, so that passwords arent sitting around in plaintext should the database get compromised also, i think this is in the wrong forum |
#3
|
|||
|
|||
No way huh ?
|
#4
|
||||
|
||||
nope. i read somewhere that the only way to unencode such a hash requires a super computer and a very long time. although im not entirely sure if the hash is even representative of the entire string, or if it actually truncates since it is not meant to be translated back anyway. its a long complicated mess, as it is supposed to be
again, a security measure so passwords are possible, yet only the supplier of the password can know what it is. in vbulletin, you can only RESET or CHANGE the password of a user, not look it up and tell them what the old value was. So no. The 'forgot your password?' feature in vbulletin should suffice well enough should a user forget what their password was; it will give them a new one and email it to them, to log in and switch back if they so please. |
#5
|
||||
|
||||
actually the correct answer is:
it is mathematically impossible to get the original password back once it is encrypted. that's because md5 is a hasfunction (a so called fingerprint) and not a real encryption function. there can be two different passwords which have the same hash, so as said mathematically impossible to get the original pw back (but it's technically possible to get a pw which will work as the original one, but that's a very complicated process and takes a long time to generate) |
#6
|
||||
|
||||
:-p thats what i always wondered about. if the hash is a 32-char hex number, then there is still a finite (though really large) amount of codes that can be produced, so naturally it has to run out somewhere, if it hasnt already. thus, there has to be multiples at some point, even if they are very very different from each other (say, one string, and an entire program). i guess you just have to limit the amount of acceptable password length and hope theres no two short strings which produce the same thing :-p (hey, even msn does it with THEIR passwords, so we should totally trust them right o.o lol)
|
#7
|
|||
|
|||
now i'm understand ... thanks man !
|
#8
|
|||
|
|||
sounds like you want to hack your members lol
|
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|