2006-06-18, 12:39 PM
I would to do wapgate of mybb,but i dont understand how is working security in mybb(salt,loginkey and password).can someone explain it to me?thx a lot
2006-06-18, 12:39 PM
2006-06-18, 12:43 PM
2006-06-18, 12:49 PM
Hey,
Well the way mybb deals with passwords is so simple but strong.
The password in the database is stored hased, by going through through some procedure whihc is md5() of the the md5() of the real password, added to the md5() of the salt. So it is something like md5(md5($salt).$password);.
The login key, is mainly to ensure clean handling of the cookies while logining in, so in case the salted password which will be in the cookie was different than the login key, the login attempt will fail.
regards
GOSH I WAS SLOW
Well the way mybb deals with passwords is so simple but strong.
The password in the database is stored hased, by going through through some procedure whihc is md5() of the the md5() of the real password, added to the md5() of the salt. So it is something like md5(md5($salt).$password);.
The login key, is mainly to ensure clean handling of the cookies while logining in, so in case the salted password which will be in the cookie was different than the login key, the login attempt will fail.
regards
GOSH I WAS SLOW
2006-06-18, 06:18 PM