JJLenz
Tue 29th Apr '08, 6:11pm
I'm designing a web site user login system for a new site. Although vBulletin won't be used on the site initially, the plan is to use it to implement a forum in 6-12 months.
So I'd like to create usernames, passwords and salt values exactly as vBulletin does so that the values could be directly transfered into the vBulleting user database when the time comes. At that time we'd then authenticate against the vBulletin database.
I've read that the hashing algorithm used is:
$hash = MD5(MD5($password) . $salt))
I see in the MySQL database columns of the following types:
username is varchar(100)
password is char(32)
salt is char(3)
Questions I have:
What are the constraints on these three columns?
username: Do you restrict characters used? Can they really be up to 100 characters long? What is the minimum length? Any other constraints?
password: Seems easy enough, so long as I have the algorithm correct.
salt: Looks like random printable characters (ASCII 32..126). Would that be correct? Does the salt ever change, such as when a password is reset?
So I'd like to create usernames, passwords and salt values exactly as vBulletin does so that the values could be directly transfered into the vBulleting user database when the time comes. At that time we'd then authenticate against the vBulletin database.
I've read that the hashing algorithm used is:
$hash = MD5(MD5($password) . $salt))
I see in the MySQL database columns of the following types:
username is varchar(100)
password is char(32)
salt is char(3)
Questions I have:
What are the constraints on these three columns?
username: Do you restrict characters used? Can they really be up to 100 characters long? What is the minimum length? Any other constraints?
password: Seems easy enough, so long as I have the algorithm correct.
salt: Looks like random printable characters (ASCII 32..126). Would that be correct? Does the salt ever change, such as when a password is reset?