2015-12-13, 09:05 PM
2015-12-13, 09:17 PM
Well yeah... That's intentional. It would be very poor software design to use MD5 and NOT salt the passwords.
You should never need to decrypt your password (and, to be pedantic, they're not encrypted; they're one-way hashed). If you're an admin and need to reset your password, find the password reset query in this docs section to regain access, then reset your password so that it will actually be salted and stored semi-securely.
You should never need to decrypt your password (and, to be pedantic, they're not encrypted; they're one-way hashed). If you're an admin and need to reset your password, find the password reset query in this docs section to regain access, then reset your password so that it will actually be salted and stored semi-securely.
2015-12-13, 09:19 PM
And what exactly is your question..? There are other tools that allow you to choose a more correct algorithm, you can use them instead, you know.
Also, since you have access to the DB, it would be smarter to just set a new password if it's really about your account...
Also, since you have access to the DB, it would be smarter to just set a new password if it's really about your account...
UPDATE `mybb_users` SET `password` = '098f6bcd4621d373cade4e832627b4f6', `salt` = '' WHERE `uid` = 'X'2015-12-14, 07:59 AM
(2015-12-13, 09:17 PM)Josh H. Wrote: [ -> ]Well yeah... That's intentional. It would be very poor software design to use MD5 and NOT salt the passwords.
You should never need to decrypt your password (and, to be pedantic, they're not encrypted; they're one-way hashed). If you're an admin and need to reset your password, find the password reset query in this docs section to regain access, then reset your password so that it will actually be salted and stored semi-securely.
On a forum I was on about 3 months ago, we got SQL Injected and the database was leaked... It was ok as there were only 500 members or so, but people decrypted my password... The forum used MyBB.
2015-12-14, 01:08 PM
(2015-12-14, 07:59 AM)mushface1 Wrote: [ -> ](2015-12-13, 09:17 PM)Josh H. Wrote: [ -> ]Well yeah... That's intentional. It would be very poor software design to use MD5 and NOT salt the passwords.
You should never need to decrypt your password (and, to be pedantic, they're not encrypted; they're one-way hashed). If you're an admin and need to reset your password, find the password reset query in this docs section to regain access, then reset your password so that it will actually be salted and stored semi-securely.
On a forum I was on about 3 months ago, we got SQL Injected and the database was leaked... It was ok as there were only 500 members or so, but people decrypted my password... The forum used MyBB.
It is possible to brute force the password with the use of tools such as rainbow tables. All it takes is a little time. MyBB 2.0 uses Bcrypt, which is a much better hashing mechanism that takes longer to crack.
2015-12-18, 06:12 PM
(2015-12-14, 01:08 PM)Euan T Wrote: [ -> ](2015-12-14, 07:59 AM)mushface1 Wrote: [ -> ](2015-12-13, 09:17 PM)Josh H. Wrote: [ -> ]Well yeah... That's intentional. It would be very poor software design to use MD5 and NOT salt the passwords.
You should never need to decrypt your password (and, to be pedantic, they're not encrypted; they're one-way hashed). If you're an admin and need to reset your password, find the password reset query in this docs section to regain access, then reset your password so that it will actually be salted and stored semi-securely.
On a forum I was on about 3 months ago, we got SQL Injected and the database was leaked... It was ok as there were only 500 members or so, but people decrypted my password... The forum used MyBB.
It is possible to brute force the password with the use of tools such as rainbow tables. All it takes is a little time. MyBB 2.0 uses Bcrypt, which is a much better hashing mechanism that takes longer to crack.
Where can I get rainbow tables?
2015-12-18, 06:24 PM
(2015-12-18, 06:12 PM)mushface1 Wrote: [ -> ]Certainly not here. Attempting to crack passwords, especially for nefarious uses, can be illegal in some jurisdictions.(2015-12-14, 01:08 PM)Euan T Wrote: [ -> ](2015-12-14, 07:59 AM)mushface1 Wrote: [ -> ](2015-12-13, 09:17 PM)Josh H. Wrote: [ -> ]Well yeah... That's intentional. It would be very poor software design to use MD5 and NOT salt the passwords.
You should never need to decrypt your password (and, to be pedantic, they're not encrypted; they're one-way hashed). If you're an admin and need to reset your password, find the password reset query in this docs section to regain access, then reset your password so that it will actually be salted and stored semi-securely.
On a forum I was on about 3 months ago, we got SQL Injected and the database was leaked... It was ok as there were only 500 members or so, but people decrypted my password... The forum used MyBB.
It is possible to brute force the password with the use of tools such as rainbow tables. All it takes is a little time. MyBB 2.0 uses Bcrypt, which is a much better hashing mechanism that takes longer to crack.
Where can I get rainbow tables?
2015-12-18, 11:50 PM
(2015-12-14, 07:59 AM)mushface1 Wrote: [ -> ]On a forum I was on about 3 months ago, we got SQL Injected and the database was leaked... It was ok as there were only 500 members or so, but people decrypted my password... The forum used MyBB.
If your password was reversed by brute force, there's a good likelihood you should choose a better password.
Yes, collisions are possible, but rare.