Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 03-14-2010, 02:42 AM
vicelover's Avatar
vicelover vicelover is offline
 
Join Date: Dec 2009
Posts: 100
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Same password stored in DB shown in different ciphertext?

Version: VB 4.0.2

Same password stored in DB shown in different cipher text? It's so strange.

The same password should store as the same cipher text, how to make then same.

Please view the image below. All user are have the same password.
Attached Images
File Type: jpg pwd test.jpg (18.1 KB, 0 views)
Reply With Quote
  #2  
Old 03-14-2010, 02:57 AM
ForumsMods ForumsMods is offline
 
Join Date: Aug 2007
Location: Argentina
Posts: 667
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This is how vB encrypts passwords:
Code:
md5(md5(PASSWORD) . SALT)
Reply With Quote
  #3  
Old 03-14-2010, 03:03 AM
vicelover's Avatar
vicelover vicelover is offline
 
Join Date: Dec 2009
Posts: 100
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by vB Style View Post
This is how vB encrypts passwords:
Code:
md5(md5(PASSWORD) . SALT)
Thanks.

But I want to the same password store as the same in DB, no matter what kind of encryption method vB used.

Please see the image I posted, I set the user "test1" and "test2" have the same password, but their password stored differently in DB:"6748c3d89db4e0a2ed4415cd954f2606" and "b64edfc2807a3826aa7ac9b41ab45de1".

I want to find a solution to make them stored as the same in DB. Can you give more hints?

Regards.
Reply With Quote
  #4  
Old 03-14-2010, 12:11 PM
raistlinthewiz raistlinthewiz is offline
 
Join Date: Jun 2005
Posts: 19
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

So you can find out the passwords and use them for brute forcing the users email? oh noes...
Reply With Quote
  #5  
Old 03-14-2010, 01:36 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It won't be wihtout modifing the code, which would make vb upgrades a pain. Learn how to use the salt for your own benifit.
Reply With Quote
  #6  
Old 03-14-2010, 02:27 PM
vicelover's Avatar
vicelover vicelover is offline
 
Join Date: Dec 2009
Posts: 100
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Zachery View Post
It won't be wihtout modifing the code, which would make vb upgrades a pain. Learn how to use the salt for your own benifit.
Hi, Zachery, thanks for your advice.

I haven't consider that would make vb upgrades a pain.

I will find a new solution to solve my issue without change the encryption scheme of vb.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:11 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05465 seconds
  • Memory Usage 2,228KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_code
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (6)post_thanks_box
  • (6)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (6)post_thanks_postbit_info
  • (6)postbit
  • (1)postbit_attachment
  • (6)postbit_onlinestatus
  • (6)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete