MyBB Community Forums

MyBB Community Forums > Extensions > Plugins > Plugin Support > [SOLVED] How does MyBB salt passwords?
Full Version: [SOLVED] How does MyBB salt passwords?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

toast

2009-09-20, 12:15 PM
Hi, there.

According to a previous thread at http://community.mybboard.net/thread-33194.html, this is the function MyBB uses to salt its passwords:
function salt($password, $salt)
{
    return md5($password . md5($salt));
}

However, it doesn't seem to work for me Undecided I'm using the MyBB Integrator Class and the array of values come with the encrypted password and the salt. When I print the (already encrypted) password value from the integrator class, it's different from the recreated value.
// MyBB integrator class
$reg_user = $mybbi->getUser();
// where $reg_user['password'] is the hashed password
echo $reg_user['password'];

echo md5('password' . md5($reg_user['salt']));

Did I go wrong somewhere or has the hashing of passwords been updated in MyBB1.4?
Any help'd be greatly appreciated Big Grin

frostschutz

2009-09-20, 01:34 PM
md5(md5(password).md5(salt))

toast

2009-09-20, 01:40 PM
(2009-09-20, 01:34 PM)frostschutz Wrote: [ -> ]md5(md5(password).md5(salt))

Nope, doesn't work.

frostschutz

2009-09-20, 01:45 PM
right, it's the other way around

inc/functions_user.php Wrote:
if(salt_password(md5($password), $user['salt']) == $user['password'])


function salt_password($password, $salt)
{
        return md5(md5($salt).$password);
}

toast

2009-09-20, 02:03 PM
(2009-09-20, 01:45 PM)frostschutz Wrote: [ -> ]
return md5(md5($salt).$password);

That didn't work either, but a variation did, in case anyone else wondered:
md5(md5($salt).md5($password))

Thanks a lot frostschutz Big Grin
Problem solved!

frostschutz

2009-09-20, 02:14 PM
That's because $password at that point is already the md5

the function is called like this (which I also posted above):

salt_password(md5($password), $user['salt'])

toast

2009-09-20, 02:19 PM
(2009-09-20, 02:14 PM)frostschutz Wrote: [ -> ]the function is called like this (which I also posted above):

salt_password(md5($password), $user['salt'])

Ah okay, I must have missed that out. Regardless, thanks for your help. MyBB rocks Big Grin

exalented

2015-10-02, 05:17 PM
hello! Is there a java equivalent to this? Kind of new to this whole "salt"ing and "MD5"ing passwords and all. how can i retrieve the "salt" that mybb uses? Is it a set value or randomized? I'm looking to simulate this password encryption technique in java. thanksfor any help anyone can provide! Smile
MyBB Community Forums > Extensions > Plugins > Plugin Support > [SOLVED] How does MyBB salt passwords?