
How does Vanilla encode passwords?

edited May 2012 in Vanilla 2.0 - 2.8

I saw it was in md5, but I'm not sure. Can you clarify for me?

Answers

  • Options
    aery Gtricks Forum in 2.2 :) ✭✭✭

    passwords are in md5 hash

  • Options

    sort of.

    you can use different ways. the default is phpass

    which is similar to md5 and uses it in its algorithm

    http://www.openwall.com/phpass/

    grep is your friend.

  • Options
    x00 MVP
    edited May 2012

    aery said:
    passwords are in md5 hash

    actually not quite

    grep is your friend.

  • Options

    For example, for 123456 it saves in User (table), Password = $P$BrCcPc.mOwmL.7dO6EExggauzt0YqG/

    For 111111 I need to get the hash.

    I only need to encode.

    I'm looking at the PasswordHash class; I'll look at phpass

  • Options
     $PasswordHash = new Gdn_PasswordHash();
     $PasswordHashed = $PasswordHash->HashPassword($Password);
    

    grep is your friend.

  • Options

    I saw that, but it generates a random string; it is not always the same for the same pass.

    I need it when creating a new site, to insert the password of the administrator.

    I think the HashMethod row has something to do with it.

  • Options
    $PasswordHash->CheckPassword('123456', '$P$BrCcPc.mOwmL.7dO6EExggauzt0YqG/', 'Vanilla');
    

    returns true.

    I'm still looking at this class.

  • Options

    Yes, you need both the stored hash and the supposed password to check. This is an extra layer of security.

    They are not directly compared; in effect phpass uses crypt_private to retrieve the actual hash that can be compared to the stored hash

    Have a look at CheckPassword

    grep is your friend.

  • Options

    HashMethod row determines whether you are going to use phpass in the first place.

    grep is your friend.

  • Options

    so the method is: if there is already a record, you need both the stored hash and the password to create a hash to compare to the stored hash. Makes sense?

    grep is your friend.

  • Options

    so the user either exists, or you create them.

    grep is your friend.

  • Options
    Answer ✓

    I have to use it in another script that is not vanilla, so it was like this:

    $Vanilla_PasswordHash = new PasswordHash();
    
    $a =  $Vanilla_PasswordHash->HashPassword('123456');
    echo $Vanilla_PasswordHash->CheckPassword('123456', $a, 'Vanilla');
    echo $a;
    

    Now all I have to change the subdomain HashMethod vanilla to the site, a random string or something.

    Although it returns different strings, it works.

    Solved, Thanks! ;)

    *How do I thank on this board? Karma or something?

  • Options

    You must also add $portable_hashes = 'vanilla'.

  • Options

    I leave it written for anyone else who needs it in the future ...

  • Options

    luisgzafra said:

    *How do I thank on this board? Karma or something?

    You click like on x00's comments.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • Options

    Thanks @peregrine!
