Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 08 Feb 2014, 13:50
Gavo34 Gavo34 is offline
 
Join Date: Feb 2013
VB5.1 beta - validate user with blowfish?

How does VB5.1.0 beta validate users with blowfish?

Older Versions

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Is it something like


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Thanks
Reply With Quote
  #2  
Old 01 Oct 2014, 16:20
David King David King is offline
 
Join Date: Sep 2014
Lightbulb Blowfish algorithm

Fair warning: I am pretty green when it comes to vBulletin; also, I'm not a PHP hacker so apologies for using the wrong language below. Hopefully somebody else will be able to translate this into sensible PHP.

I needed to do the same thing (for account integration with another application) so I had a rummage through the code and this is what I've come up with:

Is it something like


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

?
user table field scheme indicates which hashing algorithm to use. You must check this before checking the token field (which contains the actual hash according to the indicated algorithm).

scheme == 'legacy' indicates the old style of password hash (which you outlined), and you will find the necessary salt in secret.

scheme == 'blowfish:10' indicates a 10-round blowfish cipher. The Python code to handle both schemes (using passlib) is:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

AIUI, the same can be accomplished with bcrypt directly by replacing the passlib line with:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Note that for both blowfish and legacy schemes, the raw password should be MD5summed first.

(This puzzles me, because it seems that it restricts the possible input character set and length to [0-9a-f]{32}, but I'm also no crypto expert )
Reply With Quote
Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Add-On Releases Elinks - User content links share - beta 0.8 Vaupell vBulletin 3.8 Add-ons 25 08 Apr 2009 21:49
Store Hack Addon: Lock User's Point Count (Beta) Link14716 vBulletin 2.x Beta Releases 19 31 May 2003 21:51



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 16:01.

Layout Options | Width: Wide Color: