Announcement

Collapse
No announcement yet.

Encryption method of password

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Originally posted by Jobe1986 View Post
    The key point to your argument is "encryption". MD5, SHA1 etc... are NOT encryption, they are hash algorithms. Designed to be irreversable. The ONLY way to find out what produces a hash the same is to repeatedly hash strings of data until you get the same result. You cannot otherwise undo the mathematical operation and get the exact string used. Now if you're trying to find what values make a simple hash then that wont take so long, but with vBulletin hashes you need to find out the salt too, which makes the job of finding a pattern that matches a hell of a lot harder, because with the salt, you have to find a salt, that when applied to the same password as the salt in the DB, will produce the SAME hash.
    Like I said earlier... EVERYTHING is crackable.

    Believe what you want....... I never said it was easy, but it IS possible.

    Comment


    • #17
      A hash is NOT crackable, all you can do is find a string of data that results in the same hash, which is far from anything REMOTELY like cracking a hash. So I think you'll find you are misinformed as to what a hash really is if you think you can reverse it. Simply put you CANT reverse a hash, you can only rehash the same data and get the same hash.

      As for vB hashes, when trying to break those, you have to start with a password (randomly or sequentially generated), md5 hash it, then generate a random/sequetial salt, and then hash again BEFORE you can compare with the password hash from the DB. You cant, without going through all that OVER and OVER again get a password from the hash without hashing data repeatedly. Additionally, you need to know the salt that was actually used in the password hash to actually be able to find the real password or a string that would be a suitable substitute.

      Now I think this argument has gone on long enough.
      http://data.collectiveirc.net/status/user/Jobe.png

      Comment


      • #18
        Originally posted by FreshFroot_ View Post
        Like I said earlier... EVERYTHING is crackable.

        Believe what you want....... I never said it was easy, but it IS possible.
        As already pointed out - you don't seem to know what you are talking about

        Let's say you got an unsalted MD5 Hash c6b2fe88912770fc6f2db71f58c7d251 - what's the password that generated this hash?

        To make it a bit easier for you, i've attached 2 different files with possible passwords.

        You can verify that with
        Code:
        fc password1.bin password2.bin
        on Windows.

        Afterwards, calculate the MD5-Hash of both files using http://www.pc-tools.net/win32/md5sums and tell me if my password was password1.bin.

        If you can: Congratulations, you've proven me wrong.
        Attached Files

        Comment


        • #19
          Originally posted by Wayne Luke View Post
          It is stored in the database as md5(md5($password) + $salt).

          The cookies that contains the password stored on the user's PC is:

          md5(md5(md5($password) + $salt) + COOKIE_SALT)

          COOKIE_SALT is the license ID of the software.
          Really hoping somebody can help me out here, thi is the final piece of a puzzle I've been working on for a few days now.

          I need to generate the cookie password from the database password so I can set the cookie. This is so I can fix the LDAP authentication plugin here http://www.vbulletin.org/forum/showthread.php?t=196596 which is not setting the cookie bbpassword when it sets user passwords, so its not obeying the 'remember me' tick box

          As is stated by Wayne earlier in this thread (and many others) the cookie password is derived as follows:

          Originally posted by Wayne Luke View Post

          md5(md5(md5($password) + $salt) + COOKIE_SALT)

          COOKIE_SALT is the license ID of the software.
          However when I code this, I do not get the same hashed value as what is stored in the cookie. Note that I can successfully generate the user.password hash as stored in the db with md5(md5($password) + $salt.

          The code I am using is very simply:

          <?php
          $calc_db_pwd = md5(md5($cleartext_password) . $salt_from_user_table);
          echo 'calc_db_pwd: ' . $calc_db_pwd . '<br>';
          $calc_cookie_pwd = md5(md5(md5($cleartext_password) . $salt_from_user_table).'VBF*******');
          echo 'calc cookie bbpassword: ' . $calc_cookie_pwd . '<br>';
          ?>
          The VBF******* value is obviously starred out, but I have taken this from our license, and cross checked it againast the value at the top of all the .php vbull code.

          But the $calc_cookie_pwd produced does not match the bbpassword in the cookie.

          I'm really stumped here, as I'm doing exactly what has been documented but no go.

          Any help welcome!
          Last edited by john.parlane; Wed 28 Apr '10, 8:06pm.

          Comment


          • #20
            Originally posted by Wayne Luke View Post
            It is stored in the database as md5(md5($password) + $salt).

            The cookies that contains the password stored on the user's PC is:

            md5(md5(md5($password) + $salt) + COOKIE_SALT)

            COOKIE_SALT is the license ID of the software.
            This doesnt work, took me a while to work it out but COOKIE_SALT is NOT the license ID of the software at all. It's not the VBFxxxxxxx value that you want. COOKIE_SALT is some internally generated hash value in vBulletin that you access literally as COOKIE_SALT. From class_core.php:

            Code:
            if (md5($userinfo['password'] . COOKIE_SALT) == $password)
            is the line that checks your password when you login.
            $password is the from the cookie, $userinfo['password'] is from the db user.password

            Comment


            • #21
              Slightly old thread this is.
              If you are using vB4, then the syntax may have changed. Depends on your vB version really, but you should use the support forum.
              That's it. If you REALLY can't say ANYTHING nice to me at all on this forum, then I am going to go insanely mad at you. I've had enough of the UNTOLD ABUSE you are all giving me and you should really be CONSIDERATE of other people.

              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...
              X