The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
VB5.1 beta - validate user with blowfish?
How does VB5.1.0 beta validate users with blowfish?
Older Versions PHP Code:
PHP Code:
Thanks |
#2
|
|||
|
|||
Fair warning: I am pretty green when it comes to vBulletin; also, I'm not a PHP hacker ? so apologies for using the wrong language below. Hopefully somebody else will be able to translate this into sensible PHP.
I needed to do the same thing (for account integration with another application) so I had a rummage through the code and this is what I've come up with: Quote:
scheme == 'legacy' indicates the old style of password hash (which you outlined), and you will find the necessary salt in secret. scheme == 'blowfish:10' indicates a 10-round blowfish cipher. The Python code to handle both schemes (using passlib) is: Code:
import hashlib import passlib.hash # ... def check_pw( pw, scheme, pw_hash, salt ): pw = hashlib.md5( pw ).hexdigest() if scheme.startswith( 'blowfish' ): return passlib.hash.bcrypt.verify( pw, pw_hash ) elif scheme == 'legacy': return hashlib.md5( pw + salt ).hexdigest() == pw_hash Code:
return bcrypt.hashpw( pw, pw_hash ) == pw_hash (This puzzles me, because it seems that it restricts the possible input character set and length to [0-9a-f]{32}, but I'm also no crypto expert :erm |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|