No announcement yet.

What password scheme does vBulletin use?

  • Filter
  • Time
  • Show
Clear All
new posts

  • [Documentation] What password scheme does vBulletin use?

    Hello. I'm trying to complete a small project on my site - external authorization of vBulletin users to Piwigo gallery, but there is a small problem - I don't know the password encryption method/scheme of vBulletin (i use 5.6.2). Is there any documentation on this?

    Additionally: has someone already done a similar integration? I would be grateful for any information on this matter.

  • #2
    It depends on your version of PHP and how your PHP is configured...

    With PHP 7.2 and higher with the Argon library installed, vBulletin 5.6.2 will use the Argon2id password hashing scheme. Without the Argon library installed, it will use the Blowfish password hashing scheme with a cost of 15.

    Password schemes are listed in the /core/includes/xml/pws_schemes.xml file. The system will automatically switch passwords from the lower priority schemes to supported higher priority schemes on login. Custom schemes can be also be added with custom coding. The legacy password scheme is from vBulletin 3 and 4 and is not as secure as the other schemes. We do not recommend its use. It is only included for backwards compatibility. Passwords are hashed using the standard password_hash() function in PHP. You can see the code for each of these in a non-phar download under /core/vb/utlity/password
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API


    • elektro-kot
      elektro-kot commented
      Editing a comment
      Thank you for the info Wayne, this is what I was looking for.

Related Topics