[MyBB] Improved password encryption.

Adding in a sha1 won't make all that much difference. Bcrypt as w00t said is clearly the way to go.
He suggested bcrypting the whole thing like
bcrypt(md5($salt) . md5($password))
But you could also just catch everyone on next login and bcrypt their password.

(01-03-2015, 05:55 PM)phyrrus9 Wrote:

[To see links please register here]

How about we just get rid of md5 in it altogether in password hashing...

PHP Code:

function generate_hash($password, $salt)
{
     return md5(sha1(md5($salt) . md5($password)));
} 


That won't be getting broken anytime soon.
Wow necropost, reported.

And yeah, this tutorial was pretty shit.

(01-04-2015, 12:48 AM)Senpai Wrote:

[To see links please register here]

Wow necropost, reported.

And yeah, this tutorial was pretty shit.

Doesn't really count as gravedigging if the post is actually something useful.

(01-04-2015, 12:56 AM)Senpai Wrote:

[To see links please register here]

Shh, it was a joke, settle down.

How was your first time with a jew?

OT: It's hard to judge emotion over the internet. Shh.

Seriously OT: This looks like it'd take a while, and yes, a better encryption algorithm would be preferable.

(01-04-2015, 12:55 AM)Eclipse Wrote:

[To see links please register here]

Doesn't really count as gravedigging if the post is actually something useful.

Shh, it was a joke, settle down.

(01-04-2015, 12:59 AM)Eclipse Wrote:

[To see links please register here]

How was your first time with a jew?

Actually, it was pretty amazing :tongue:

OT: It's hard to judge emotion over the internet. Shh.

Seriously OT: This looks like it'd take a while, and yes, a better encryption algorithm would be preferable.

Yeah, if we implemented something good, we wouldn't have to worry about DB leaks as much. I recommended it

Or you could over complicate shit and parse in the userID and times that by pi, then concat it to the string pre-hash.

(01-04-2015, 03:06 AM)phyrrus9 Wrote:

[To see links please register here]

Actually, it was pretty amazing :tongue:


Yeah, if we implemented something good, we wouldn't have to worry about DB leaks as much. I recommended it

I recommend looking into this then

[To see links please register here]

It implements bcrypt into mybb.

Looks REALLY simple... I should write a RSA version :tongue:

Maybe RSA encrypt the entire database, so every time you query something it has to RSA decrypt it for validation or something. Hmm, neat.

use sha384+salt or bcrypt+salt.