Go Back   vb.org Archive > vBulletin 5 Connect Discussion > vB5 Programming Discussions
  #1  
Old 06-18-2015, 07:53 AM
hsnDnz hsnDnz is offline
 
Join Date: Nov 2012
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Blowfish Password Scheme

Hi everyone. I need to learn blowfish scheme details. How can i create a blowfish password via php and how can i verify a user's password. thanks
Reply With Quote
  #2  
Old 06-18-2015, 08:41 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Maybe look at the php functions password_hash and password_verify

BTW, I don't know much about vb5. If you are specifically asking about what vb5 does for password hashing then my answer probably doesn't make sense.
Reply With Quote
Благодарность от:
hsnDnz
  #3  
Old 06-18-2015, 11:19 AM
hsnDnz hsnDnz is offline
 
Join Date: Nov 2012
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i know these functions, i am asking specially for vb5
Reply With Quote
  #4  
Old 06-21-2015, 06:29 AM
hsnDnz hsnDnz is offline
 
Join Date: Nov 2012
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

hi again!
password_hash($pass, PASSWORD_BCRYPT, array('salt' => ''));
this is ok. i wonder what is the salt?
Reply With Quote
  #5  
Old 06-21-2015, 08:40 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Again, I'm not sure if you're asking a question about vb5. But when using the password_hash function you can provide a random string as salt, but you don't have to. If you don't, a random string will be generated for you. The salt is returned as part of the hash, so you do not need to store the salt separately.

Also (as you may know already), those functions are only in php 5.5 or greater, but before that you could use crypt() to do the same thing (although then you *would* need to create your own random string for salt).
Reply With Quote
  #6  
Old 06-22-2015, 09:23 AM
hsnDnz hsnDnz is offline
 
Join Date: Nov 2012
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Salt can't be random. if it is random, diffrent passwords are created at every turn.
Reply With Quote
  #7  
Old 06-22-2015, 09:49 AM
cellarius's Avatar
cellarius cellarius is offline
 
Join Date: Aug 2005
Posts: 1,987
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Of course it can. You need to store the salt with the encrypted password.
Reply With Quote
  #8  
Old 06-22-2015, 09:52 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'm not really an expert on password algorithms, but my understanding is that a salt value is randomly generated at some point (like whenever the password is changed), but of course you need to save the salt as well as the hashed password to be able to validate a password. So you're right, it isn't generated randomly every time you check a password. But as I mentioned above, the password_hash() function (and the crypt() function it's based on) return a string that includes the hash algorithm, the iteration count, and the salt (in addition to the hashed password), so you really only need to save the one string that is returned, and when you use password_verfiy() to check a password, that string will contain all the necessary information.

It might help to study the examples for password_hash() and crypt() in the php manual.

Edit: cellarius posted while I was writing, didn't mean to repeat what he said.
Reply With Quote
  #9  
Old 06-22-2015, 10:06 AM
hsnDnz hsnDnz is offline
 
Join Date: Nov 2012
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by cellarius View Post
Of course it can. You need to store the salt with the encrypted password.
you are right i wonder that:

the function is this
Code:
password_hash($password, $algo, array $options = array())
what is password? only the key which user writes or md5($password) or anything else?

And what is the array("salt" => ?). This not secret key. You know there is a secret in db. Salt cloumn is null. oh my god i will be crazy soon.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:39 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04260 seconds
  • Memory Usage 2,238KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (1)post_thanks_box_bit
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete