MyBB Community Forums

How can i decrypt the Security Keys which i find for a user in phpMyAdmin ?

What encryption does myBB use ?

MyBB uses salt and md5() to encrypt passwords. e.g.;

$password = random_str();
$logindetails = update_password($user['uid'], md5($password), $user['salt']);

They can't decrypt easily.

I.e they are not decryptable...not soon even by bruteforce. So even if you wanted, you can't.

$stored_pass = md5(md5($salt).md5($plaintext_password));

Even if you had the salt and the password you'd need a lot of processing power and a lot of time to crack it.

I don't get it ! Why does it take so much time ? If we find a way of How "MyBB software" decrypts the password from the phpMyadmin then why can we use the same method and decrypt it ?

Because an md5 cannot be undone, you have to brute force it with a password list until it finds a match, which could take years. There wouldn't be much point in encrypting it if you could just easily undo it, would there... MyBB doesn't decrypt it, when you login it encrypts the data you've give, and see if it matches what's in the database. If it does, then it knows you've entered the correct password.

It's not encrypted for laughs and giggles. Your invading the privacy of your members by decrypting their passwords. We wouldn't help you do that even if we could.

MyBB does not "decrypt" the password to check it. You're not understanding how password authentication takes place.

In the database we have a stored password hash. To verify a password against it, we re-hash what the user input as their plain text password, then check the two encrypted passwords against each other. If they match, good, if not, kick the user out.

However, what you're asking is basically how to hack a MyBB account if you have access to the password hashes. We're not going to help you do that.

/thread