Announcement

Announcement Module
Collapse
No announcement yet.

What cryptographic hash function is VBulletin using for user passwords protection?

Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] What cryptographic hash function is VBulletin using for user passwords protection?

    Just curious, I wonder what hash function is VB using for VB3 and VB4. MD5, SHA-1, SHA-2 or none of these above?

  • #2
    PHP Code:
    $sql "SELECT username FROM vb_user 
                           WHERE username = '
    {$_POST['fusername']}
                           AND password = md5( concat( md5('
    {$_POST['fpassword']}'), salt));"
    looks like md5 to me

    Comment


    • #3
      umm md5, are you sure about that? I heard that md5 is highly obsolete and sites running with md5 hash function are exposed to the greatest danger of hacking. Would a VB staff please explain this to me? Thanks.

      Comment


      • #4
        Originally posted by Hall of Famer View Post
        umm md5, are you sure about that? I heard that md5 is highly obsolete and sites running with md5 hash function are exposed to the greatest danger of hacking. Would a VB staff please explain this to me? Thanks.
        We use a double md5 hash with a salt. Without the salt its moderately hard to get a value that works for the password.

        something like md5(md5(password)salt)


        All hashing methods are weak with access to the hash table, protecting your database is the most important thing you can do.

        http://www.pixel2life.com/publish/tu...rd_encryption/

        Follow me on Twitter @vBZachery
        vBulletin and Forum Runner Support

        Comment

        Working...
        X