by X-PhoeniX (Guest)
Released: 02-28-2001

Is there a hack available so that the user passwords that are stored in the database are encrypted?
I'm not so good at MySQL, but I think that it can be done by getting the encrypted password from the db, encrypting the password that the user enters, and then comparing them or something?

It would just be more safe. Because I run more and more often into servers which have a standard phpadmin dir, provided by their ISP, which isn't password protected, so anyone can read out the names and passwords..

If the passwords are stored in the database with, let's say, md5 encryption, on those servers the information will still be readable, but the passwords will not be, because the password can't be decrypted without entering a password and comparing it.

But then again, I don't think this is possible.. because, how would the passmailer work then?

But think about it

Comments
#2, Guest, 02-28-2001, 12:58 AM

Both PHP and MySQL already have standard encryption support built in. I agree it would be more secure, but I believe it's the admin's responsibility to make sure things are secure. If you can't secure your equipment and software you deserve to be exploited.

Plus, even standard UNIX salt encryption can be broken by brute force. I have written programs in Perl, C and C++ that, given the encrypted password, will break it. Depending on the password and the machine it can take a lot of time, however you can divide the list of possible combinations down and spread it over a few computers. Given a handful of computers cranking away any password could be broken in a week or two. The other part that really makes this easy is the fact that current salt encryption can only encrypt a max of 8 characters. There are some algorithms out there that will break strings down into 8 character segments and encrypt each segment, however they aren't standard.


To make a long story even longer, I like users having the ability to have their password mailed to them.
Reply With Quote
#3, Guest, 02-28-2001, 01:22 PM

Basically, what you're saying is that every encryption can be broken. Yeah sure, you're completely right.
But! Even if you spread it over more boxes, as you say, you will need, let's say, something like 2 weeks to break it.
Better 2 weeks than no time at all.
And true, the servers SHOULD be more safe, but I've experienced a couple of times that the end user wasn't even aware of the risks..
It's the ISP's task, but still I think that I, as end user on a discussion board, would feel more comfortable, knowing that my password is encoded, that even admins can't see it blindly..
Reply With Quote
#4, Guest, 02-28-2001, 01:36 PM

MD5 encryption can't be undone. This means that if a user loses their password, there is no way to get it back. Bammm lost user.
Reply With Quote
#5, Guest, 02-28-2001, 02:02 PM

Quote:
Originally posted by wluke
MD5 encryption can't be undone. This means that if a user loses their password, there is no way to get it back. Bammm lost user.
But... if the user loses his/her password, he/she must get it through the passmailer.

Why not generate a random password then? I have that implemented in my 1.1.5 now when someone registers..

And if a member loses their password, it doesn't matter if they get their old password back, or a randomly generated one.. it's all the same to them, cuz they have to change it anyway..
Reply With Quote
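
The flow discussed across this thread (store only a hash, hash the entered password and compare at login, and issue a random password instead of mailing the stored one), as an added example that is not part of the original posts or of vBulletin's code. It swaps the bare MD5 mentioned in the thread for a per-user salt with PBKDF2-HMAC-SHA256, since post #2 raises brute force as the concern; the `users` dict, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 200_000  # assumed work factor; tune for your hardware

# Constructed in-memory stand-in for the forum's user table.
users = {}


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def set_password(username: str, password: str) -> None:
    """Store only salt, iteration count and derived hash, never the password."""
    salt = os.urandom(16)  # per-user salt: equal passwords get different hashes
    users[username] = {
        "salt": salt,
        "iterations": ITERATIONS,
        "hash": _derive(password, salt, ITERATIONS),
    }


def check_login(username: str, attempt: str) -> bool:
    """Hash the entered password the same way and compare with the stored hash."""
    row = users.get(username)
    if row is None:
        return False
    candidate = _derive(attempt, row["salt"], row["iterations"])
    return hmac.compare_digest(candidate, row["hash"])  # constant-time compare


def reset_password(username: str) -> str:
    """Replace the passmailer: issue a random temporary password, mailed once."""
    if username not in users:
        raise KeyError(username)
    temporary = secrets.token_urlsafe(12)
    set_password(username, temporary)  # the old hash is overwritten
    return temporary  # caller e-mails this; only its hash is stored


if __name__ == "__main__":
    set_password("alice", "correct horse")  # constructed sample account
    print(check_login("alice", "correct horse"))
    temp = reset_password("alice")
    print(check_login("alice", "correct horse"), check_login("alice", temp))
```

Anyone who can read the table sees only the salt, iteration count and hash for each user, and a lost password is handled by replacing it rather than recovering it.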