Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 06-22-2007, 04:35 AM
monster64 monster64 is offline
 
Join Date: Jun 2007
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Question about password hash

Before I switched to vbulletin, I was using phpbb. I had coded a login system in C++ where the user could enter their forum username and password, and then if they were in a paid subscription group, they could use the software. It used mysql apis to retrieve information from the database. Now phpbb encoded their passwords with an md5 algorithm. Since the algorithm generates the same hash on any programming language, I hashed the password the user typed in from C++, then compared it with the already hashed password stored on the server, and if they matched, the user could log in and continue with the authentication process. Now when I switched to VB, I made some minor changes for the new tables etc, however I can't log in. Looking at the database and then around this forum, I realize that VB doesn't use just an md5 hash to encrypt the password. Does anyone know what algorithm VB uses in addition to md5, and if its available to the public?

If I can't obtain the algorithm they use, could I just make VB encrypt the password with md5 only?
Reply With Quote
  #2  
Old 06-22-2007, 06:15 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you only looked around for it......
PHP Code:
md5(md5($password) . $salt
Reply With Quote
  #3  
Old 06-22-2007, 08:59 AM
Mac_Cross Mac_Cross is offline
 
Join Date: Feb 2007
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

is it possible that vb generate the password in the 3.6.7 version different?

--- my fault, you can delete it - sorry
Reply With Quote
  #4  
Old 06-22-2007, 02:43 PM
monster64 monster64 is offline
 
Join Date: Jun 2007
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

So it md5s the password, uses the salt function on it, then md5s the whole thing? I got that, but where is the salt function itself?
Reply With Quote
  #5  
Old 06-23-2007, 03:15 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Look in the user table, there's a field called salt.
Reply With Quote
  #6  
Old 06-23-2007, 02:49 PM
monster64 monster64 is offline
 
Join Date: Jun 2007
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Got it working again, thanks. The salt function vbulletin uses concats the salt to the end of the md5 hashed password, then md5 hashes it again, if anyone is curious.
Reply With Quote
  #7  
Old 06-24-2007, 06:07 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Which is exactly what I posted a few posts up.
PHP Code:
md5(md5($password) . $salt
Reply With Quote
  #8  
Old 06-26-2007, 09:01 PM
monster64 monster64 is offline
 
Join Date: Jun 2007
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Didn?t know exactly what .$salt did
Reply With Quote
  #9  
Old 06-27-2007, 09:34 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

. (dot) is the concatenation character in PHP.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:22 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08930 seconds
  • Memory Usage 2,232KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete