MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > How does MyBB encrypt a user's passwords?
Full Version: How does MyBB encrypt a user's passwords?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Soshite

2007-10-11, 01:01 AM
I'm thinking of trying to bridge my CMS with MyBB to have the user's be able to log into both with the same credentials.

Does MyBB's encode the passwords as a MD5 hash, or is it something more complex / a special format to MyBB?

(I'm trying to do this w/ MODx, which uses MD5 hashes, btw.)

Ryan Gordon

2007-10-11, 01:08 AM
md5(salt.md5(plain_text_password))

SimpleRules

2007-10-11, 01:17 AM
Is there any reason SHA-1 isn't used? I just wonder, I've used that and hear its stronger.

Ryan Gordon

2007-10-11, 01:47 AM
it's 32 characters vs. 40 characters. Personally it's not going to make any difference if the hacker is really ambitious about you in some reason (Did he loose in halo against you? Toungue) - And not only that the hacker would have to access your md5 AND salt (which is impossible unless they explicitly had access to the database users table which would mean an administrator with MySQL access) unless he wanted to take 20 or so years to try every possibility without triggering some sort of odd suspension.

And as for a few weeks ago MyBB 1.4's been on a feature lock while we finish the rest of the features and start preparing for beta testing.

I'm in no way against better algorithms, it's just as for now, we won't be implementing any new features. Maybe for 2.0 or some version along those lines.

Soshite

2007-10-11, 02:20 AM
Tikitiki Wrote:And as for a few weeks ago MyBB 1.4's been on a feature lock while we finish the rest of the features and start preparing for beta testing.

w00t. That's good news. ^.^

Yumi

2007-10-12, 06:07 AM
IIRC, SHA-1 function doesn't exist in PHP 3 - probably the main reason.

Otherwise, I personally don't think there's a difference. SHA has it's weaknesses too.

Snake

2007-10-12, 11:15 AM
Most providers should have PHP 4 and should be upgrading to PHP5.

spaceinvaders

2007-10-12, 01:33 PM
Snake Wrote:Most providers should have PHP 4 and should be upgrading to PHP5.
True, if your host is still running PHP3 then you should really consider requesting a long overdue upgrade or switching to a new host, lol Toungue.

Dale Hay

2007-10-12, 02:10 PM
Snake Wrote:Most providers should have PHP 4 and should be upgrading to PHP5.

Not too long till PHP6 is out and about. :p

Ryan Gordon

2007-10-12, 02:31 PM
Not to mention that MyBB doesn't even support PHP 3...

Oh and you can get up to 256 bit encryption with the mhash function using sha-1 and 512 bits with some other external scripts (still under testing it looks like)

I'd like to adopt a tough encryption standard like that some where along the lines of development after 1.4
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > How does MyBB encrypt a user's passwords?