What cryptographic hash function is VBulletin using for user passwords protection?

Zachery replied

Wed 13 Apr '11, 7:39am
Originally posted by Hall of Famer View Post

umm md5, are you sure about that? I heard that md5 is highly obsolete and sites running with md5 hash function are exposed to the greatest danger of hacking. Would a VB staff please explain this to me? Thanks.

We use a double md5 hash with a salt. Without the salt its moderately hard to get a value that works for the password.

something like md5(md5(password)salt)

All hashing methods are weak with access to the hash table, protecting your database is the most important thing you can do.

http://www.pixel2life.com/publish/tu...rd_encryption/
Leave a comment:
Hall of Famer replied

Wed 13 Apr '11, 6:18am
umm md5, are you sure about that? I heard that md5 is highly obsolete and sites running with md5 hash function are exposed to the greatest danger of hacking. Would a VB staff please explain this to me? Thanks.
Leave a comment:
punchbowl replied

Wed 13 Apr '11, 4:07am
PHP Code:

$sql = "SELECT username FROM vb_user WHERE username = '{$_POST['fusername']}' AND password = md5( concat( md5('{$_POST['fpassword']}'), salt));";

looks like md5 to me
Leave a comment:
Hall of Famer started a topic [Forum] What cryptographic hash function is VBulletin using for user passwords protection?

Wed 13 Apr '11, 3:14am
What cryptographic hash function is VBulletin using for user passwords protection?

Just curious, I wonder what hash function is VB using for VB3 and VB4. MD5, SHA-1, SHA-2 or none of these above?
Tags: None

vBulletin 4 End of Life

Announcement

What cryptographic hash function is VBulletin using for user passwords protection?

Leave a comment:

Leave a comment: