Encryption method of password
Collapse
X
-
-
A hash is NOT crackable, all you can do is find a string of data that results in the same hash, which is far from anything REMOTELY like cracking a hash. So I think you'll find you are misinformed as to what a hash really is if you think you can reverse it. Simply put you CANT reverse a hash, you can only rehash the same data and get the same hash.
As for vB hashes, when trying to break those, you have to start with a password (randomly or sequentially generated), md5 hash it, then generate a random/sequetial salt, and then hash again BEFORE you can compare with the password hash from the DB. You cant, without going through all that OVER and OVER again get a password from the hash without hashing data repeatedly. Additionally, you need to know the salt that was actually used in the password hash to actually be able to find the real password or a string that would be a suitable substitute.
Now I think this argument has gone on long enough.Comment
-
Let's say you got an unsalted MD5 Hash c6b2fe88912770fc6f2db71f58c7d251 - what's the password that generated this hash?
To make it a bit easier for you, i've attached 2 different files with possible passwords.
You can verify that with
Code:fc password1.bin password2.bin
Afterwards, calculate the MD5-Hash of both files using http://www.pc-tools.net/win32/md5sums and tell me if my password was password1.bin.
If you can: Congratulations, you've proven me wrong.Attached FilesComment
-
I need to generate the cookie password from the database password so I can set the cookie. This is so I can fix the LDAP authentication plugin here http://www.vbulletin.org/forum/showthread.php?t=196596 which is not setting the cookie bbpassword when it sets user passwords, so its not obeying the 'remember me' tick box
As is stated by Wayne earlier in this thread (and many others) the cookie password is derived as follows:
The code I am using is very simply:
<?php
$calc_db_pwd = md5(md5($cleartext_password) . $salt_from_user_table);
echo 'calc_db_pwd: ' . $calc_db_pwd . '<br>';
$calc_cookie_pwd = md5(md5(md5($cleartext_password) . $salt_from_user_table).'VBF*******');
echo 'calc cookie bbpassword: ' . $calc_cookie_pwd . '<br>';
?>
But the $calc_cookie_pwd produced does not match the bbpassword in the cookie.
I'm really stumped here, as I'm doing exactly what has been documented but no go.
Any help welcome!Last edited by john.parlane; Wed 28 Apr '10, 8:06pm.Comment
-
Code:if (md5($userinfo['password'] . COOKIE_SALT) == $password)
$password is the from the cookie, $userinfo['password'] is from the db user.passwordComment
-
Slightly old thread this is.
If you are using vB4, then the syntax may have changed. Depends on your vB version really, but you should use the support forum.That's it. If you REALLY can't say ANYTHING nice to me at all on this forum, then I am going to go insanely mad at you. I've had enough of the UNTOLD ABUSE you are all giving me and you should really be CONSIDERATE of other people.
Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment