MyBB's Password Encryption Method?
#24
I always figured that all encryption algorithms can be reversed with another algorithm. Since the MD5 algorithm is not reversible as there is no link to the original data or string, then I assumed it would not be considered an encryption method.

The reason being is that the purpose of encryption is to hide the actual values of a specific data chunk. Unless the reader has access to the encryption key (which is used for decrypting the data to it's original form), then it would render useless to them. MD5 is primarily used for data integrity to ensure that it matches the specified value.

For instance, encryption would involve using an algorithm to hide the password on the client side, then pass it to the server, which would then use the encryption key to decrypt the encrypted string, which would then have the correct password and compare to the stored value. This stops people sniffing or repeating/modifying packet contents. However, with MD5 algorithms, the client would send the original password string, the server would obtain the MD5 value of the string, which would then compare the string they have stored in the database. The MD5 method is mainly used for any protection of password reading attempts on the server side.

It basically stops people from using SQL injection to obtain passwords from your database, or for you nosey administrator's to not be able to view a password without modification to the core coding. Wink


Messages In This Thread
MyBB's Password Encryption Method? - by Spencer - 2010-08-13, 04:40 AM
RE: MyBB's Password Encryption Method? - by KuJoe - 2010-08-13, 04:51 AM
RE: MyBB's Password Encryption Method? - by KuJoe - 2010-08-13, 05:25 AM
RE: MyBB's Password Encryption Method? - by Sleepwalker - 2010-08-16, 01:03 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)