Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 10-11-2005, 04:23 AM
truongton truongton is offline
 
Join Date: Feb 2004
Posts: 15
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default How 2 encode & display password ?

How 2 encode password from data ?
And how 2 display members password in user manager ?

Can u help me answer ?
Reply With Quote
  #2  
Old 10-11-2005, 05:05 AM
Darkwaltz4's Avatar
Darkwaltz4 Darkwaltz4 is offline
 
Join Date: Oct 2002
Location: Chicago
Posts: 1,538
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

the password is saved as an md5 with salt added to the password.

you cant undo this process, only re-encyrpt when a user submits it, and then compares to the saved version to see if they match. this is a security feature, so that passwords arent sitting around in plaintext should the database get compromised

also, i think this is in the wrong forum
Reply With Quote
  #3  
Old 10-11-2005, 05:14 AM
truongton truongton is offline
 
Join Date: Feb 2004
Posts: 15
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No way huh ?
Reply With Quote
  #4  
Old 10-11-2005, 05:25 AM
Darkwaltz4's Avatar
Darkwaltz4 Darkwaltz4 is offline
 
Join Date: Oct 2002
Location: Chicago
Posts: 1,538
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

nope. i read somewhere that the only way to unencode such a hash requires a super computer and a very long time. although im not entirely sure if the hash is even representative of the entire string, or if it actually truncates since it is not meant to be translated back anyway. its a long complicated mess, as it is supposed to be

again, a security measure so passwords are possible, yet only the supplier of the password can know what it is. in vbulletin, you can only RESET or CHANGE the password of a user, not look it up and tell them what the old value was.

So no. The 'forgot your password?' feature in vbulletin should suffice well enough should a user forget what their password was; it will give them a new one and email it to them, to log in and switch back if they so please.
Reply With Quote
  #5  
Old 10-11-2005, 10:54 AM
Xenon's Avatar
Xenon Xenon is offline
 
Join Date: Oct 2001
Location: Bavaria
Posts: 12,878
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

actually the correct answer is:
it is mathematically impossible to get the original password back once it is encrypted.

that's because md5 is a hasfunction (a so called fingerprint) and not a real encryption function.

there can be two different passwords which have the same hash, so as said mathematically impossible to get the original pw back (but it's technically possible to get a pw which will work as the original one, but that's a very complicated process and takes a long time to generate)
Reply With Quote
  #6  
Old 10-11-2005, 02:38 PM
Darkwaltz4's Avatar
Darkwaltz4 Darkwaltz4 is offline
 
Join Date: Oct 2002
Location: Chicago
Posts: 1,538
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

:-p thats what i always wondered about. if the hash is a 32-char hex number, then there is still a finite (though really large) amount of codes that can be produced, so naturally it has to run out somewhere, if it hasnt already. thus, there has to be multiples at some point, even if they are very very different from each other (say, one string, and an entire program). i guess you just have to limit the amount of acceptable password length and hope theres no two short strings which produce the same thing :-p (hey, even msn does it with THEIR passwords, so we should totally trust them right o.o lol)
Reply With Quote
  #7  
Old 10-13-2005, 03:45 AM
truongton truongton is offline
 
Join Date: Feb 2004
Posts: 15
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

now i'm understand ... thanks man !
Reply With Quote
  #8  
Old 10-13-2005, 04:06 AM
Evil X Evil X is offline
 
Join Date: Sep 2005
Location: naptown
Posts: 386
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

sounds like you want to hack your members lol
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:11 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03842 seconds
  • Memory Usage 2,222KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete