I can not decrypt my password.
#1
This user has been denied support. This user has been denied support.
I am using crackstation.net
The passwords are salted...
Any help?
Reply
#2
Well yeah... That's intentional. It would be very poor software design to use MD5 and NOT salt the passwords.

You should never need to decrypt your password (and, to be pedantic, they're not encrypted; they're one-way hashed). If you're an admin and need to reset your password, find the password reset query in this docs section to regain access, then reset your password so that it will actually be salted and stored semi-securely.
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)
Reply
#3
And what exactly is your question..? There are other tools that allow you to choose a more correct algorithm, you can use them instead, you know.

Also, since you have access to the DB, it would be smarter to just set a new password if it's really about your account...
UPDATE `mybb_users` SET `password` = '098f6bcd4621d373cade4e832627b4f6', `salt` = '' WHERE `uid` = 'X'
sets it to test, replace X with your UID.
Reply
#4
This user has been denied support. This user has been denied support.
(2015-12-13, 09:17 PM)Josh H. Wrote: Well yeah... That's intentional. It would be very poor software design to use MD5 and NOT salt the passwords.

You should never need to decrypt your password (and, to be pedantic, they're not encrypted; they're one-way hashed). If you're an admin and need to reset your password, find the password reset query in this docs section to regain access, then reset your password so that it will actually be salted and stored semi-securely.

On a forum I was on about 3 months ago, we got SQL Injected and the database was leaked... It was ok as there were only 500 members or so, but people decrypted my password... The forum used MyBB.
Reply
#5
(2015-12-14, 07:59 AM)mushface1 Wrote:
(2015-12-13, 09:17 PM)Josh H. Wrote: Well yeah... That's intentional. It would be very poor software design to use MD5 and NOT salt the passwords.

You should never need to decrypt your password (and, to be pedantic, they're not encrypted; they're one-way hashed). If you're an admin and need to reset your password, find the password reset query in this docs section to regain access, then reset your password so that it will actually be salted and stored semi-securely.

On a forum I was on about 3 months ago, we got SQL Injected and the database was leaked... It was ok as there were only 500 members or so, but people decrypted my password... The forum used MyBB.

It is possible to brute force the password with the use of tools such as rainbow tables. All it takes is a little time. MyBB 2.0 uses Bcrypt, which is a much better hashing mechanism that takes longer to crack.
Reply
#6
This user has been denied support. This user has been denied support.
(2015-12-14, 01:08 PM)Euan T Wrote:
(2015-12-14, 07:59 AM)mushface1 Wrote:
(2015-12-13, 09:17 PM)Josh H. Wrote: Well yeah... That's intentional. It would be very poor software design to use MD5 and NOT salt the passwords.

You should never need to decrypt your password (and, to be pedantic, they're not encrypted; they're one-way hashed). If you're an admin and need to reset your password, find the password reset query in this docs section to regain access, then reset your password so that it will actually be salted and stored semi-securely.

On a forum I was on about 3 months ago, we got SQL Injected and the database was leaked... It was ok as there were only 500 members or so, but people decrypted my password... The forum used MyBB.

It is possible to brute force the password with the use of tools such as rainbow tables. All it takes is a little time. MyBB 2.0 uses Bcrypt, which is a much better hashing mechanism that takes longer to crack.

Where can I get rainbow tables?
Reply
#7
(2015-12-18, 06:12 PM)mushface1 Wrote:
(2015-12-14, 01:08 PM)Euan T Wrote:
(2015-12-14, 07:59 AM)mushface1 Wrote:
(2015-12-13, 09:17 PM)Josh H. Wrote: Well yeah... That's intentional. It would be very poor software design to use MD5 and NOT salt the passwords.

You should never need to decrypt your password (and, to be pedantic, they're not encrypted; they're one-way hashed). If you're an admin and need to reset your password, find the password reset query in this docs section to regain access, then reset your password so that it will actually be salted and stored semi-securely.

On a forum I was on about 3 months ago, we got SQL Injected and the database was leaked... It was ok as there were only 500 members or so, but people decrypted my password... The forum used MyBB.

It is possible to brute force the password with the use of tools such as rainbow tables. All it takes is a little time. MyBB 2.0 uses Bcrypt, which is a much better hashing mechanism that takes longer to crack.

Where can I get rainbow tables?
Certainly not here. Attempting to crack passwords, especially for nefarious uses, can be illegal in some jurisdictions.
Reply
#8
(2015-12-14, 07:59 AM)mushface1 Wrote: On a forum I was on about 3 months ago, we got SQL Injected and the database was leaked... It was ok as there were only 500 members or so, but people decrypted my password... The forum used MyBB.

If your password was reversed by brute force, there's a good likelihood you should choose a better password.

Yes, collisions are possible, but rare.
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)