I am trying to update an old application that synchronised VB passwords directly in the DB with another system. It used MD5 and worked fine.
So the application now calls the PHP function "password_hash" on the same server (so using same PHP version)
S
For a password of vb123 the following hash is generated by the PHP function
$hash = password_hash($password, PASSWORD_BCRYPT, array("cost" => 10));
$2y$10$ICYle1/IHcKyZ49vh8wNXuhMNAGL7juetlMUJkD8kkbzwipS.i78K
For a password of vb123 the following hash is generated by VBulletin5 using the admin control panel.
$2y$10$bvJB.hKjhP9sV74Zt8TbLeZKNiY1wCOGWpKR/A.g.uQ4mVz3YLq..
When I check the VBulletin generated one using the PHP function "password_verify" it says it does not match.
however the first one does (as expected)
But only the VB one allows me to login to VBulletin and the first one does not.
What is VB doing after the hashing that is different?
Comment