Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with Facebook Sign In with Google Sign In with OpenID Sign In with Twitter
Sign In Apply for Membership

Categories

In this Discussion

Who's Online 14

6apxatCurtisOdenHotBlackericgillettelortabac +9 guests

md5 hash to passwords vanilla

kelvinkelvin
in Vanilla 1
how to change md5 hash to password from db vanilla
md5:
1a36591bceec49c832079e270d7e8b73

db vanilla:
$P$BPu472N06KjuZswjp9oIjou2K7ZV2t.

both are not same, how can I convert with this hash?

Comments

  • DinoboffDinoboff
    Posts: 1,880
    You can't you need the real password. Vanilla is using phpass to create (and check against) the new hash. We have extended it (PeoplePasswordHash) so that can also use md5 hash to check the password (and create a new hash if a md5 hash is used): http://lussumo.com/svn/people/tags/People-1.1.5/People.Class.PasswordHash.php
  • kelvinkelvin
    Posts: 36
    forget it, I use addon Md5authenticator
    do you know about Md5authenticator?
  • SubJunkSubJunk
    Posts: 657
    I guess that was a test password because "blablabla" is easily crackable :)
  • sirlancelotsirlancelot
    Posts: 408
    MD5 should not be used for passwords. It is very easy to crack, as SubJunk pointed out above.

    Case in point: http://passcracking.com/
    Also: http://md5-db.com/
  • kelvinkelvin
    Posts: 36
    thanks for your helpful.
    can someone write a example source?
    that is important for me, I need a example source from phpbb to vanilla of member list..
    phpbbb uses md5, I know that is bad. how can I convert to passwords vanilla? someone better idea?
  • DinoboffDinoboff
    Posts: 1,880
    The password are converted when the users log-in. It can use md5 password.
  • gprestongpreston
    Posts: 83
    Might be worth just forcing all users to reset their password on the new system? Kind of the brute force way to deal with it
  • kelvinkelvin
    Posts: 36
    good idea about reset password...
    @dinoboff,
    you mean I can use with md5, this will convert automatic to phpass?
  • sirlancelotsirlancelot
    Posts: 408
    Vanilla will recognize both MD5 and PHPass in its database. When a user logs in to Vanilla and authenticates to an MD5 hash of their password, it is converted on-the-fly to PHPass and then saved back to the database. The MD5 hash is destroyed during this action, seemlessly securing any user account that logs in.
  • kelvinkelvin
    Posts: 36
    thank for your tipp, you mean this will automatic convert, if I put md5 hash in db of vanilla Or I should code a convert from md5 to phpass? kelvin
  • sirlancelotsirlancelot
    Posts: 408
    You can't convert them yourself without knowing their password. "...it is converted on-the-fly to PHPass and then saved back to the database." # 10
  • kelvinkelvin
    Posts: 36
    sorry, I didnt read. yeah on-the-fly easy nice..thanks for support
  • travisjefferytravisjeffery
    Posts: 2
    Is there a way to set the type of hash when passwords that are changed? By default it uses the phpass but I need it to be md5.
  • DinoboffDinoboff
    Posts: 1,880
    See this discussion: http://lussumo.com/community/discussion/8609/2/vanilla-password-security/
  • BentotBentot
    Posts: 127
    How do I translate this to alphanumeric?

    md5:
    1a36591bceec49c832079e270d7e8b73
  • sirlancelotsirlancelot
    Posts: 408
    @Bentot, MD5 is alphanumeric. alphanumeric = Letters & Numbers

    The secret to that MD5 though is "blablabla"
Sign In or Register to comment.