Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
  #1  
Old 12-04-2006, 11:32 PM
Osterling Osterling is offline
 
Join Date: Jan 2004
Posts: 381
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default vBulletin encrypted passwords

How does php encrypt the passwords? For instance, on a site I am building I use sha1() to encrypt the passwords.
Reply With Quote
  #2  
Old 12-04-2006, 11:49 PM
akanevsky akanevsky is offline
 
Join Date: Apr 2005
Posts: 3,972
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Osterling View Post
How does php encrypt the passwords? For instance, on a site I am building I use sha1() to encrypt the passwords.
vBulletin uses md5() to encrypt the passwords.
Reply With Quote
  #3  
Old 12-05-2006, 12:08 AM
Osterling Osterling is offline
 
Join Date: Jan 2004
Posts: 381
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

So if instead on my register script, I use md5() to encrypt users passwords, a user who registers using my script will be able to login to my vbulletin forum using the same username and password?
Reply With Quote
  #4  
Old 12-05-2006, 12:33 AM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No, it doesn't just hash the password, there is a random "salt" used as well.
Reply With Quote
  #5  
Old 12-05-2006, 01:22 AM
Osterling Osterling is offline
 
Join Date: Jan 2004
Posts: 381
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Okay.. well, I have a site that already has a member system and my objective is to make it so users need not to register two accounts and login twice. If I change my encryption to md5(), what else do I need to do? I am not familiar with salt.
Reply With Quote
  #6  
Old 12-05-2006, 03:25 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This is how vBulletin encrypts passwords:
String (eg. test)
MD5 The String (098f6bcd4621d373cade4e832627b4f6)
Add Salt to End of the Hash (If salt is 1234 then the result would be 098f6bcd4621d373cade4e832627b4f61234)
MD5 The String w/ Hash (260cac331a7b9d4416cd11146d39b33d)

That's how I remember it, feel free to correct me. The salt is a random string determined at registration. It is located in the table "user" in a field called "salt".
Reply With Quote
  #7  
Old 12-06-2006, 07:35 AM
Brad Brad is offline
 
Join Date: Nov 2001
Posts: 4,765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

vBulletin does not encrypt passwords!

Encryption is the process of storing the orginal data in such a way that a cypher can later decrypt the information so it can be used in it's orignal form. Encryption is something that you would only use in a case where you needed to share certain information with a group of people without having that information getting to people outside of that group.

What vBulletin uses for passwords is called a hash function, which is nothing like encryption. You can not get the orginal data from something that was ran through a hash function. Instead you take new input from the user (the password) and run it through the hash function, then you attempt to match the output from the new user input with older user input that is stored in another location. If both hashes match then the user has provided the correct input and will be allowed to log-in, if not the input he provided is wrong and you deny his log-in.

You see encryption is rather useless when it comes to passwords because the user should already know his password.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:06 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05536 seconds
  • Memory Usage 2,206KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete