Blog Documentation Try Vanilla Cloud
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

Password hashing

LuckyRiverLuckyRiver New
in Vanilla 2.0 - 2.8

Hi,

I was doing some refactoring work on my custom authentication module which has already support for numerous authentication boards (XF, IPB, Modx, phpBB3, SMF) but it lacks Vanilla support. Thus, I just downloaded the Vanilla core to try out. I looked at the database and saw that hashed password is stored.
I need to match that stored hashed password but I don't know what kind of encryption Vanilla uses?

There are several columns in gdn_user. I see HashMethod has Vanilla as value.

  1. HashMethod
    Vanilla

What kind of hash method that vanilla supports so I can pick up the right one to encrypt?

Password
$P$BoMsbHPGJRRH8EWxEoKcUm/Zx.8BQv1

  1. And as for the Attributes column, what is the use of the Attributes , is it a salted key?

a:1:{s:12:"TransientKey";s:12:"7U8HWPSD4O1V";}

Ideally I like to know if salted key is used. If not any specific configuration prior to hash like iteration number ...

Any help is appreciated!

Thanks!

LR

Comments

  • Options
    TamaTama United Kingdom ✭✭✭

    for the hash, check this search https://github.com/vanillaforums/Garden/search?q=hash&type=Code I believe Vanilla uses an external hashing library

    There was an error rendering this rich post.

  • Options
    LuckyRiverLuckyRiver New

    Thx Tama!

    Exactly, it simply uses http://www.openwall.com/phpass/ similarly done with phpBB3. Thus, it requires no much code to get the password matched! :)

  • Options
    LuckyRiverLuckyRiver New

    Site demo will be up this coming weekend as I've fully integrated and tested authentication! Please join to test drive Texas Hold'em playing with bots or friends. I'll post link to demo the game. Is there any portal plug-in I can use with Vanilla?

  • Options
    UnderDogUnderDog MVP

    @LuckyRiver said:
    Is there any portal plug-in I can use with Vanilla?

    VanillaCMS had potential. It all depends on what you want to achieve. Would you like to re-create PHP-Nuke?

    There was an error rendering this rich post.

  • Options
    LuckyRiverLuckyRiver New
    edited September 2013

    I need something similar to Xenforo xenporta or IPB Content to feed block of data from various source (database, json stream, ....) . I'm working on the Leaderboard which displays player's name, balance ... Could VanillaCMS provide such features? Thanks, I'll check it out.

  • Options
    x00x00 MVP

    It is more like a basic CMS. This wouldn't be a plugin anyway. More of an Application.

    Vanilla is built ontop of the Garden framework (MVC) in fact when you download vanilla you are getting the garden core, dashboard, vanilla, and conversations.

    However if you aren't going to do the development find a suitable candidate then integrate.

    grep is your friend.

  • Options
    LuckyRiverLuckyRiver New

    Here you go:

    Registration: http://holdemfever.net/vanilla

    Texas Hold'em: http://holdemfever.net:8181/poker/cubeiaclassic

    To access game, use same user/password as your forum account.
    To see avatar in game, you must have forum photo uploaded.

    For the game to start, it needs to be 2 people to sit at the same table!

    Game is open source, thus free to install on any vps/dedicated server with root account.

Sign In or Register to comment.