Go Back   vb.org Archive > vBulletin 5 Connect Discussion > vB5 Programming Discussions
  #1  
Old 02-08-2014, 01:50 PM
Gavo34 Gavo34 is offline
 
Join Date: Feb 2013
Posts: 8
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default VB5.1 beta - validate user with blowfish?

How does VB5.1.0 beta validate users with blowfish?

Older Versions
PHP Code:
            $vb_hash md5($password $user[salt]);
            if (
$vb_hash==$pass)
            {
            
// check subscription  etc.
            

Is it something like

PHP Code:
crypt("$valid_username . $valid_password"$token)   == $secret    

Thanks
Reply With Quote
  #2  
Old 10-01-2014, 03:20 PM
David King David King is offline
 
Join Date: Sep 2014
Posts: 1
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Fair warning: I am pretty green when it comes to vBulletin; also, I'm not a PHP hacker ? so apologies for using the wrong language below. Hopefully somebody else will be able to translate this into sensible PHP.

I needed to do the same thing (for account integration with another application) so I had a rummage through the code and this is what I've come up with:

Quote:
Is it something like

PHP Code:
crypt("$valid_username . $valid_password"$token)   == $secret 
?
user table field scheme indicates which hashing algorithm to use. You must check this before checking the token field (which contains the actual hash according to the indicated algorithm).

scheme == 'legacy' indicates the old style of password hash (which you outlined), and you will find the necessary salt in secret.

scheme == 'blowfish:10' indicates a 10-round blowfish cipher. The Python code to handle both schemes (using passlib) is:
Code:
import hashlib
import passlib.hash
# ...
def check_pw( pw, scheme, pw_hash, salt ):
    pw = hashlib.md5( pw ).hexdigest()
    if scheme.startswith( 'blowfish' ):
        return passlib.hash.bcrypt.verify( pw, pw_hash )
    elif scheme == 'legacy':
        return hashlib.md5( pw + salt ).hexdigest() == pw_hash
AIUI, the same can be accomplished with bcrypt directly by replacing the passlib line with:
Code:
        return bcrypt.hashpw( pw, pw_hash ) == pw_hash
Note that for both blowfish and legacy schemes, the raw password should be MD5summed first.

(This puzzles me, because it seems that it restricts the possible input character set and length to [0-9a-f]{32}, but I'm also no crypto expert :erm
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:16 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04579 seconds
  • Memory Usage 2,169KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_code
  • (3)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (2)post_thanks_box
  • (2)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit_info
  • (2)postbit
  • (2)postbit_onlinestatus
  • (2)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete