Announcement

Collapse
No announcement yet.

What cryptographic hash function is VBulletin using for user passwords protection?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Zachery
    replied
    Originally posted by Hall of Famer View Post
    umm md5, are you sure about that? I heard that md5 is highly obsolete and sites running with md5 hash function are exposed to the greatest danger of hacking. Would a VB staff please explain this to me? Thanks.
    We use a double md5 hash with a salt. Without the salt its moderately hard to get a value that works for the password.

    something like md5(md5(password)salt)


    All hashing methods are weak with access to the hash table, protecting your database is the most important thing you can do.

    http://www.pixel2life.com/publish/tu...rd_encryption/

    Leave a comment:


  • Hall of Famer
    replied
    umm md5, are you sure about that? I heard that md5 is highly obsolete and sites running with md5 hash function are exposed to the greatest danger of hacking. Would a VB staff please explain this to me? Thanks.

    Leave a comment:


  • punchbowl
    replied
    PHP Code:
    $sql "SELECT username FROM vb_user 
                           WHERE username = '
    {$_POST['fusername']}
                           AND password = md5( concat( md5('
    {$_POST['fpassword']}'), salt));"
    looks like md5 to me

    Leave a comment:


  • What cryptographic hash function is VBulletin using for user passwords protection?

    Just curious, I wonder what hash function is VB using for VB3 and VB4. MD5, SHA-1, SHA-2 or none of these above?
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X