Encryption method of password

  • FreshFroot_
    Senior Member
    • Jul 2005
    • 1420
    • 3.8.x

    #16
    Originally posted by Jobe1986
    The key point to your argument is "encryption". MD5, SHA1 etc... are NOT encryption, they are hash algorithms. Designed to be irreversible. The ONLY way to find out what produces a hash the same is to repeatedly hash strings of data until you get the same result. You cannot otherwise undo the mathematical operation and get the exact string used. Now if you're trying to find what values make a simple hash then that won't take so long, but with vBulletin hashes you need to find out the salt too, which makes the job of finding a pattern that matches a hell of a lot harder, because with the salt, you have to find a salt, that when applied to the same password as the salt in the DB, will produce the SAME hash.
    Like I said earlier... EVERYTHING is crackable.

    Believe what you want....... I never said it was easy, but it IS possible.

    Comment

    • Jobe1986
      Senior Member
      • Jan 2007
      • 629
      • 4.2.x

      #17
      A hash is NOT crackable, all you can do is find a string of data that results in the same hash, which is far from anything REMOTELY like cracking a hash. So I think you'll find you are misinformed as to what a hash really is if you think you can reverse it. Simply put you CAN'T reverse a hash, you can only rehash the same data and get the same hash.

      As for vB hashes, when trying to break those, you have to start with a password (randomly or sequentially generated), md5 hash it, then generate a random/sequential salt, and then hash again BEFORE you can compare with the password hash from the DB. You can't, without going through all that OVER and OVER again, get a password from the hash without hashing data repeatedly. Additionally, you need to know the salt that was actually used in the password hash to actually be able to find the real password or a string that would be a suitable substitute.

      Now I think this argument has gone on long enough.

      Comment

      • Andreas
        Senior Member
        • Feb 2004
        • 2323

        #18
        Originally posted by FreshFroot_
        Like I said earlier... EVERYTHING is crackable.

        Believe what you want....... I never said it was easy, but it IS possible.
        As already pointed out - you don't seem to know what you are talking about.

        Let's say you got an unsalted MD5 Hash c6b2fe88912770fc6f2db71f58c7d251 - what's the password that generated this hash?

        To make it a bit easier for you, I've attached 2 different files with possible passwords.

        You can verify that with
        Code:
        fc password1.bin password2.bin
        on Windows.

        Afterwards, calculate the MD5-Hash of both files using http://www.pc-tools.net/win32/md5sums and tell me if my password was password1.bin.

        If you can: Congratulations, you've proven me wrong.
        Attached Files

        Comment

        • john.parlane
          New Member
          • Jan 2009
          • 7

          #19
          Originally posted by Wayne Luke
          It is stored in the database as md5(md5($password) + $salt).

          The cookies that contains the password stored on the user's PC is:

          md5(md5(md5($password) + $salt) + COOKIE_SALT)

          COOKIE_SALT is the license ID of the software.
          Really hoping somebody can help me out here, this is the final piece of a puzzle I've been working on for a few days now.

          I need to generate the cookie password from the database password so I can set the cookie. This is so I can fix the LDAP authentication plugin here http://www.vbulletin.org/forum/showthread.php?t=196596 which is not setting the cookie bbpassword when it sets user passwords, so it's not obeying the 'remember me' tick box.

          As is stated by Wayne earlier in this thread (and many others) the cookie password is derived as follows:

          Originally posted by Wayne Luke

          md5(md5(md5($password) + $salt) + COOKIE_SALT)

          COOKIE_SALT is the license ID of the software.
          However, when I code this, I do not get the same hashed value as what is stored in the cookie. Note that I can successfully generate the user.password hash as stored in the db with md5(md5($password) + $salt).

          The code I am using is very simple:

          <?php
          $calc_db_pwd = md5(md5($cleartext_password) . $salt_from_user_table);
          echo 'calc_db_pwd: ' . $calc_db_pwd . '<br>';
          $calc_cookie_pwd = md5(md5(md5($cleartext_password) . $salt_from_user_table).'VBF*******');
          echo 'calc cookie bbpassword: ' . $calc_cookie_pwd . '<br>';
          ?>
          The VBF******* value is obviously starred out, but I have taken this from our license, and cross checked it against the value at the top of all the .php vbull code.

          But the $calc_cookie_pwd produced does not match the bbpassword in the cookie.

          I'm really stumped here, as I'm doing exactly what has been documented but no go.

          Any help welcome!
          Last edited by john.parlane; Wed 28 Apr '10, 8:06pm.

          Comment

          • john.parlane
            New Member
            • Jan 2009
            • 7

            #20
            Originally posted by Wayne Luke
            It is stored in the database as md5(md5($password) + $salt).

            The cookies that contains the password stored on the user's PC is:

            md5(md5(md5($password) + $salt) + COOKIE_SALT)

            COOKIE_SALT is the license ID of the software.
            This doesn't work, took me a while to work it out but COOKIE_SALT is NOT the license ID of the software at all. It's not the VBFxxxxxxx value that you want. COOKIE_SALT is some internally generated hash value in vBulletin that you access literally as COOKIE_SALT. From class_core.php:

            Code:
            if (md5($userinfo['password'] . COOKIE_SALT) == $password)
            is the line that checks your password when you login.
            $password is from the cookie, $userinfo['password'] is from the db user.password

            Comment
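
Added example (not part of any post above and not vBulletin source code): the derivation described in posts #19 and #20, written out in PHP. The COOKIE_SALT fallback, the salt, the password and the licence-ID string are constructed placeholders, and hash_equals() is this example's choice in place of the quoted == comparison.

```php
<?php
// Added example: constructed values only, not vBulletin source code.
// Inside vBulletin COOKIE_SALT is already defined; this fallback is a
// placeholder so the script runs stand-alone.
defined('COOKIE_SALT') || define('COOKIE_SALT', 'constructed-cookie-salt');

// user.password as stored in the database: md5(md5($password) . $salt)
function db_password_hash(string $cleartext, string $salt): string
{
    return md5(md5($cleartext) . $salt);
}

// bbpassword cookie value: md5(user.password . COOKIE_SALT).
// Only the stored hash is needed, never the cleartext password.
function cookie_password(string $dbHash, string $cookieSalt = COOKIE_SALT): string
{
    return md5($dbHash . $cookieSalt);
}

// Same test as the class_core.php line quoted in post #20, but using
// hash_equals(): a strict, constant-time string comparison, so two
// different hex digests that both look numeric can never compare equal.
function cookie_matches(string $dbHash, string $cookieValue): bool
{
    return hash_equals(cookie_password($dbHash), $cookieValue);
}

$salt      = 'x7Q';              // constructed user.salt
$licenseId = 'VBF-PLACEHOLDER';  // constructed stand-in for the licence ID
$dbHash    = db_password_hash('correct horse', $salt);

$fromCookieSalt = cookie_password($dbHash);              // post #20's derivation
$fromLicenseId  = cookie_password($dbHash, $licenseId);  // post #19's assumption

// The first value validates; the second does not, which is the mismatch
// reported in post #19.
var_dump(cookie_matches($dbHash, $fromCookieSalt));
var_dump(cookie_matches($dbHash, $fromLicenseId));
```

Because the cookie value depends only on user.password and COOKIE_SALT, any change to the stored hash (new password or new salt) invalidates every previously issued bbpassword cookie for that user.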

            • Homeworld'sa
              Senior Member
              • Sep 2009
              • 920
              • 3.8.x

              #21
              Slightly old thread this is.
              If you are using vB4, then the syntax may have changed. Depends on your vB version really, but you should use the support forum.
              That's it. If you REALLY can't say ANYTHING nice to me at all on this forum, then I am going to go insanely mad at you. I've had enough of the UNTOLD ABUSE you are all giving me and you should really be CONSIDERATE of other people.

              Comment
