MyBB's Password Encryption Method?
#23
Technically md5 and sha1 are both cryptographic hashing functions, but are commonly used for encryption as well, since the hash can be substituted as an encrypted password. This combined with proper salting such as MyBB performs makes a very effective and secure password function.

I actually like the idea of the OTP encryption.
To generate a key we could basically use the same method as we do for the current salt... only pass it the length of the password to generate with. Or preferably the length of the password + salt.

$encrypted_pass = otp($salt.$plain_text_pass);

The otp key would be stored in the user table just like the salt and the finished encrypted passwd.


Messages In This Thread
MyBB's Password Encryption Method? - by Spencer - 2010-08-13, 04:40 AM
RE: MyBB's Password Encryption Method? - by KuJoe - 2010-08-13, 04:51 AM
RE: MyBB's Password Encryption Method? - by KuJoe - 2010-08-13, 05:25 AM
RE: MyBB's Password Encryption Method? - by Dylan M. - 2010-08-16, 12:52 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)