Announcement

Collapse
No announcement yet.

ipb 2.0 password encryption

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ipb 2.0 password encryption

    hello,

    i knew it before, but some minutes ago i browsed the phpbb converter forums and noticed that the phpbb converter community got big problems with converting ipb.2.0 passwords to phpbb 2.x passwords.
    is vbulletin using the same encryption as ipb does and if not, is it possible that ipb 2.0 encrypted passwords work with vb 3.0.3? i hope this will be the case.
    selling kawaiiNation.com

  • #2
    I am going to take a longshot guess that members will need to request their passwords after a conversion. But Jerry would have the final solution

    Comment


    • #3
      a, did i get that right? your guess is that jerry will implement a routine which creates a random password for each user?
      Last edited by Lenni; Sun 29th Aug '04, 1:12pm.
      selling kawaiiNation.com

      Comment


      • #4
        Actually their password encryption is more or less identical to ours. The generate a salt and store it in their member table, i'm just not too sure if they do the same md5 routine.
        Scott MacVicar

        My Blog | Twitter

        Comment


        • #5
          Shouldn't this be in the import system forum?

          Anyway, I did some reading on IPB 2.x's password schema a while ago and as it turned out it is elementary to import IPB 2.x's password hashes to vBulletin 3.x. IPS chose to use the same system but hash the salt in the password hash to make it difficult to switch from vBulletin 3.x to IPB 2.x with the same password hashes. For a visual aid, here is how vBulletin's password schema works:

          md5(md5(password).salt)

          Here is IPB 2.x's password schema:

          md5(md5(password).md5(salt))

          In order to import the password hashes, Jerry merely has to have Impex store the salt as md5(salt). I sent him the tip several months ago.

          Comment


          • #6
            sorry, i did not make efforts to find the forum this topic belongs to. and these are good news, right? probably my members wont need to request new passwords?
            selling kawaiiNation.com

            Comment


            • #7
              They shouldn't although I just checked the vBulletin database and it seems that Jelsoft will have to modify the salt field one way or another to be able to store more than 3 characters.

              Comment


              • #8
                You should be able to migrate without any major pain either way. At worst you would have a change in your login code.

                In fact, if moving from IPB 2 to VB 3, you have a cakewalk experience. Just run something like UPDATE user SET salt=MD5(salt); query (assuming you got salts imported directly without any changes). In the end result you'll ahve some users with a lengthy 32 character salt opposed to vb's 3 char one in length, but that won't have any notable impact.

                Comment


                • #9
                  Shouldn't this be in the import system forum?
                  Moved to the import forum

                  Comment


                  • #10
                    Originally posted by okrogius
                    You should be able to migrate without any major pain either way. At worst you would have a change in your login code.

                    In fact, if moving from IPB 2 to VB 3, you have a cakewalk experience. Just run something like UPDATE user SET salt=MD5(salt); query (assuming you got salts imported directly without any changes). In the end result you'll ahve some users with a lengthy 32 character salt opposed to vb's 3 char one in length, but that won't have any notable impact.
                    You would need to expand the salt field to 32 chars first though
                    TheologyWeb. We debate theology. srsly.

                    Comment


                    • #11
                      Originally posted by cirisme
                      You would need to expand the salt field to 32 chars first though
                      Which would break one of the rules of the import, being modifying the target database. Extending is fine (i.e. adding lots of import id's ) but modifying existing schema and requiring code changes is not something I'd want to do.

                      I'll discuss it with the team.
                      I wrote ImpEx.

                      Blog | Me

                      Comment


                      • #12
                        If you don't resize the salt field you won't be able to import passwords from IPB 2.x.

                        Comment


                        • #13
                          I wrote a plugin that basically syncs IPB 2.x passwords to vB4.x in real time as the board members log in.

                          http://www.vbulletin.org/forum/showthread.php?t=236012

                          I don't see this approach ever being a part of impex, because it requires DISABLE_PASSWORD_CLEARING.
                          It's not a bad short-term hack to use during a migration though. Certainly beats having everyone reset their password.

                          Comment

                          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                          Working...
                          X