The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
|
#2
03-11-2009, 06:32 AM
|
|||
|
|||
Not unless you have a super computer and a lot of free time with some luck mixed in.
Its my understanding that they are double md5'd with a unique salt per user to prevent such trickery, though i'm not certain if thats the case or not. 
|
|
#4
03-11-2009, 08:08 AM
|
||||
|
||||
|
No. There's no modification for this. Because the passwords aren't store as "plain text". Passwords are stored as encrypted text with a method of encryption called "MD5". MD5 is known as an irreversable encryption. Basically, there is no way to decrypt it. A sort of "separate the lock from the key" approach toward encryption. Very much NOT useful for encrypting documents of any kind, but VERY useful for passwords.
Take for example, the word "password". It is hashed out into a 32 character value through the MD5 function and becomes... 5f4dcc3b5aa765d61d8327deb882cf99 vBulletin adds more security through obscurity to that! It then takes this 32 character value and adds a randomized salt (which is stored in the database for every user) to the end... A salt is a 3 or 4 character set of randomized symbols that looks like =!q 4g* so you get 5f4dcc3b5aa765d61d8327deb882cf994g* It then hashes the MD5 of that whole mess to result in and even more irreversable string which is stored in the database as the user's password. 9a345e5cf815ea1c9b3f88296f7eef78 When the user enters their password, it is hashed, then salted, and hashed again - and it checks to see if that garbledegook matches the garbledegook in the database. Put simply, it is impossible to get someone's password with a mere mod. That's what BSMedia was talking about - you can use a super computer that's constantly calculating and hashing dictionary values over a few dozen/hundred years until it finds a match - but this is a highly inefficient means of doing so. I suppose one could also alter the login.php file to steal the password before it is hashed and either store it in the database or have it sent somewhere - but this would instantly be broken the moment they upgraded the board. Either way, stealing your members' passwords like that is really dishonest and is a violation of computer ethics.
|
|
#6
03-11-2009, 08:32 AM
|
||||
|
||||
|
Quote:
 Just pointing out that you don't need to make a one liner post that makes you sound pompous for making a distinction that nobody cares about...The terms are not mutually exclusive. Hashing is a form of encryption, a very specific form. It takes a variable length set of data (binary or text) and then spits out a fixed length known type (either binary or text - not both). Encryption is a broad scope term that means it takes one thing and turns it into another thing. Encryption can be reversable, or in some cases it's not. Either way, you're still turning one thing into another thing.
|
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 01:53 PM.