Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 05-19-2005, 01:27 PM
JayJay JayJay is offline
 
Join Date: Jan 2005
Posts: 81
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default MD5 and Salt

Is there any way to change the current salt to something different? And if so, how would I go about doing this?

Would I need to change the following in functions_user.php:

Code:
// ###################### Start makesalt #######################
// generates a totally random string of $length chars
function fetch_user_salt($length = 3)
{
	$salt = '';
	for ($i = 0; $i < $length; $i++)
	{
		$salt .= chr(rand(32, 126));
	}
	return $salt;
}
Reply With Quote
  #2  
Old 05-19-2005, 01:43 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The salt is randomly generated for each user and stored in teh user table. Why you would want to change that?
Reply With Quote
  #3  
Old 05-19-2005, 01:58 PM
Zero Tolerance's Avatar
Zero Tolerance Zero Tolerance is offline
 
Join Date: Feb 2004
Location: England
Posts: 813
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Well, if you wanted you could change it, if you wanted to change the length, change:
Code:
$length = 3
to your number, like: $length = 5.

If you wanted to change the characters contained within the salt, then change this line:
Code:
		$salt .= chr(rand(32, 126));
I don't really recommend changing anything though, i see no reason as to why it would needed to be changed.

- Zero Tolerance
Reply With Quote
  #4  
Old 05-19-2005, 02:17 PM
Colin F's Avatar
Colin F Colin F is offline
 
Join Date: Jul 2004
Location: Switzerland
Posts: 1,551
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'm not sure if your users wouldn't have to reset their password if you change the salt though...
Reply With Quote
  #5  
Old 05-19-2005, 02:31 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Colin F
I'm not sure if your users wouldn't have to reset their password if you change the salt though...
Should be fine, salt is only generated on register or password change, it shouldn't matter in the long run..
Reply With Quote
  #6  
Old 05-19-2005, 03:21 PM
Colin F's Avatar
Colin F Colin F is offline
 
Join Date: Jul 2004
Location: Switzerland
Posts: 1,551
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Zachery
Should be fine, salt is only generated on register or password change, it shouldn't matter in the long run..
sure, but isn't the encrypted passsword in the database md5'd with salt?

If so, and you change the salt of a user, it wouldn't be able to match up the passwords, I'd think.
Reply With Quote
  #7  
Old 05-19-2005, 09:57 PM
Zero Tolerance's Avatar
Zero Tolerance Zero Tolerance is offline
 
Join Date: Feb 2004
Location: England
Posts: 813
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Colin F
sure, but isn't the encrypted passsword in the database md5'd with salt?

If so, and you change the salt of a user, it wouldn't be able to match up the passwords, I'd think.
Yeah changing the users salt would mess things up, however changing that (the above code) would only affect new registered users.

- Zero Tolerance
Reply With Quote
  #8  
Old 05-19-2005, 10:04 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Colin F
sure, but isn't the encrypted passsword in the database md5'd with salt?

If so, and you change the salt of a user, it wouldn't be able to match up the passwords, I'd think.
Like ZT said.
Reply With Quote
  #9  
Old 05-19-2005, 10:47 PM
AN-net's Avatar
AN-net AN-net is offline
 
Join Date: Dec 2003
Location: AnimationTalk.com
Posts: 2,367
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

so everytime a password is reset or changed the salt is changed?
Reply With Quote
  #10  
Old 05-19-2005, 10:50 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by AN-net
so everytime a password is reset or changed the salt is changed?
Hmm Not sure actually, take a look at the function I think it only counts for new salts.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:18 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05332 seconds
  • Memory Usage 2,251KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_code
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete