Announcement

Collapse
No announcement yet.

SHA1 vs. MD5 encryption

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • SHA1 vs. MD5 encryption

    vB Sales staff,

    I'm using Snitz Forums right now and I'd like to upgrade to vB.

    However, vB uses MD5 encryption instead of Snitz' SHA1. If I try to import all the users, they will have to reset their passwords, which is aggravating and cumbersome.

    I was wondering if vB can be set to use SHA encryption so that my members do not have to change their passwords. If so, how?

    My second question is that is there any progress on the Snitz importer (for either vB2x or vB3). I really would like to upgrade, but the only thing stopping me is this "importing" business.

    Thank you and I hope support here is as good as I hear (from the other threads).

    Best regards,
    Agip

  • #2
    Isn't Snitz CGI/PERL?

    I don't know how secure SHA1 is but in theory its impossible to crack an MD5 password. Its probably the most secure password there is.

    As for SNitz importers, you might need to ask over at http://www.vbulletin.org for an importer.

    Usually these importers copy the passwords over from your previous forums to vBulletin and apply all the necessary md5 hashing.
    ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
    Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment

    Comment


    • #3
      SHA is similar to MD5...

      I wish I could decrypt SHA passwords so that I could import it to vB (and save in MD5 encryption format), but I'm afraid I cannot do that (unless someone knows how).

      So is vB capable to run using SHA encryption instead of MD5?

      Comment


      • #4
        Im sure it would require file hacking, changing all the calls from md5() over. I dont know how many files that is in, im sure in member.php theres alot of calls to it, and the admin panel has a few in the edit user options.

        Im not finding any importers for Snitz forums, my advice is to find a board with a importer for it, then converting from that board over to vBulletin.

        Comment


        • #5
          there are too many MD5 calls for vBulletin to use SHA1...plus imagine the amount of headaches you will have everytime time a new version of vBulletin is released.
          ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
          Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment

          Comment


          • #6
            in vBulletin 3 there is one md5 call and only one really in vB2.

            You could modify my code that i use in the YaBB se importer to convert passwords to md5 from sha1
            Scott MacVicar

            My Blog | Twitter

            Comment


            • #7
              Snitz is asp. It's an okay forums, but it doesn't have many features that vB has (eg. sub forums, templates, etc) and I think development for Snitz has stopped. In the long run, vB is the way to go.


              Scott, where can I find this YaBB se importer? If it can convert sha1 passwords to md5, that would be INCREDIBLE! I could simply adapt it to my current custom snitz importer (that sorta works but only for moving members).

              Comment


              • #8
                All importers are available for download in the member's area after you purchase a license.
                - AJ Zmudosky

                Comment


                • #9
                  Can I take a look at the YABB sha1 to md5 converter first? I want to make sure it exists and works before I want to buy a license.

                  Comment


                  • #10
                    it doesn't convert but you can modify the code so when people do login it uses the hashing scheme used in YaBB to check the password if it matches then its the right password and it then md5's what was inputed and stores that instead.

                    Its a very simple documentation but at the moment we dont have a Snitz convertor.
                    Scott MacVicar

                    My Blog | Twitter

                    Comment


                    • #11
                      okay...

                      so for the next 2 weeks, I'll be converting passwords on my forums from SHA to MD5 (with the YABB method).
                      It sounds fairly simple:

                      - user inputs password
                      - convert input to SHA, check pw with db
                      - if true, save inputted pw as MD5 as the NEW encrypted password

                      I'll make a new field to save the MD5 version of the password.


                      btw, I read that MD5 is easy to crack and that SHA is more secure and harder to crack. I'm not fairly grounded on this topic of cracking and encryption but is this true? if so, why does vB use MD5 instead of SHA? And will vB3 use SHA possibly?

                      Here is my source:
                      "MD5 can be brute-force reverse engineered fairly quickly (in minutes on a top end PC if the string isn't too long < 8 chars, few hours if its more than that)."

                      "MD5 isn't very secure compaired to sha256 or sha512"
                      http://forum.snitz.com/forum/topic.a...archTerms=,md5


                      Thanks guys!

                      Comment


                      • #12
                        I don't know if MD5 is easy to crack considering that the string is the same length regardless the password is 1 letter or 15 letters or however long the password is.

                        In any case, everything can be brute-forced with the proper know how. Brute Force is nothing more than a program that keeps on submitting unhashed passwords and then trying to login.

                        Basically, the program is an automatically form filler and keeps on trying until it gets a match.
                        ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
                        Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment

                        Comment


                        • #13
                          vBulletin does some more hashing.

                          md5(md5($password) . $salt);

                          thats in vB3 making any brute forcing harder.

                          I'll download snitz today and have a look at the source and see if i can provide the same code in ASP though i've not use ASP that much.

                          What version of Snitz are you using?
                          Scott MacVicar

                          My Blog | Twitter

                          Comment


                          • #14
                            Originally posted by Scott MacVicar
                            I'll download snitz today and have a look at the source and see if i can provide the same code in ASP though i've not use ASP that much.
                            If you need any help, just send me a PM...

                            Comment

                            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                            Working...
                            X