Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 29 Aug 2013, 19:03
dmm2020 dmm2020 is offline
 
Join Date: Apr 2010
Password Hash Algorithm

Hi, according to other threads the following SHOULD compute the password hash for vBulletin:

md5(md5($rawpassword).#seed) where seed is the user hash.

However, it's not working on my server. Passwords do work within vBulletin but not when I am trying to set up a script licensing site to use the same vBulletin logins. When I run the same formula drawing from the same exact database, I get a different result. Not going to post the hash here but they are completely different results. Does anyone have a clue why that would be happening?
__________________
Doug Mewis
Owner, Friends Arcade, a gaming website for people to socialize and play games with some of the best games available
http://friends-arcade.com
Reply With Quote
  #2  
Old 29 Aug 2013, 22:48
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Real name: Zachery Woods
Its a salt, not a seed, but where are you getting the salt from?

Here is a query I use to reset passwords:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

__________________
Looking for ImpEx?
Reply With Quote
  #3  
Old 29 Aug 2013, 23:47
dmm2020 dmm2020 is offline
 
Join Date: Apr 2010
Thanks. Salt is what I mean. Not sure why I said seed.

--------------- Added 30 Aug 2013 at 00:45 ---------------

Here is my problem. This is not a real salt but it shows the special characters I am running into. I changed the alphanumeric characters.

6K)Gf"[email protected]|{N_ 6K)Gf"[email protected]|{N_ 0 [49]

This is what I see in phpMyAdmin and when I print_r($res) of the particular record I testing with.

What I get with the below code:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

is this output: 6K)Gf"[email protected]|{N_

It seems almost like something changed in PHP because if something funky is in the hash character wise, the string is getting chopped. Is there a way around this?

--------------- Added 30 Aug 2013 at 00:56 ---------------

To explain what I am after, I want to set up a licensing site where the members login to the website using the same credentials as they use in the forum, but still a separate login, that is not sharing sessions. However, the above problem is stopping me and has me stumped as to what is causing PDO to chop part of it. Do I need to set a character set or something in the database?
__________________
Doug Mewis
Owner, Friends Arcade, a gaming website for people to socialize and play games with some of the best games available
http://friends-arcade.com

Last edited by dmm2020; 30 Aug 2013 at 00:57.
Reply With Quote
  #4  
Old 30 Aug 2013, 12:34
nhawk nhawk is offline
 
Join Date: Jan 2011
I don't know how you're getting special characters in salt. Salt is limited to ascii 33 to 126. None of those are control or special characters.

Now if you're getting special characters in your hash, that's a problem with your hash coding. Not with salt.
Reply With Quote
  #5  
Old 30 Aug 2013, 19:00
dmm2020 dmm2020 is offline
 
Join Date: Apr 2010
Originally Posted by nhawk View Post
I don't know how you're getting special characters in salt. Salt is limited to ascii 33 to 126. None of those are control or special characters.

Now if you're getting special characters in your hash, that's a problem with your hash coding. Not with salt.
I changed the salt but the problem I run into now, is the md5 formula before yields a different value in MySQL as compared to PHP. I am grabing the salt from $res[0]['salt'] and password from $_POST['[pass']) and using md5(md5($rawpassword).$salt) but this yields a different result than the MySQL version done in VB. Basically, what I want to do is set up a subsidiary site to log in with vb credentials (not sharing session data though).

EDIT: I figured out the problem. When user salt contains nonconventional characters (see nhawk's post), MD5 produces different results between php and MySQL.
__________________
Doug Mewis
Owner, Friends Arcade, a gaming website for people to socialize and play games with some of the best games available
http://friends-arcade.com

Last edited by dmm2020; 31 Aug 2013 at 03:49.
Reply With Quote
  #6  
Old 30 Aug 2013, 20:06
nerbert nerbert is offline
 
Join Date: May 2008
Worth a try:

md5( ( md5( trim( $rawpassword ) ) . trim($salt) )
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 12:32.

Layout Options | Width: Wide Color: