How do I remove the password encryption

Started by Geezy, February 27, 2015, 09:21:21 PM

Previous topic - Next topic

Geezy

Hello, users. First of all, sorry for my bad english i using Translate.
Now, as the title says. I want to know how to remove the encryption or if possible change md5 password,
Why would I want it? What happens is that I'm connecting some external way, so when "x" user logs into a server, then I thought the encriptaba password to md5 but it turns out that when I made the user and enter the forum, the password was changed to something that was not md5, I read somewhere is "SHA1 -> Salt". How do I remove or change it is possible to md5? Thank You.

Arantor

SMF hasn't used MD5 in a decade. Versions up to 2.0.9 use salted SHA1, 2.1 uses bcrypt. This is for security. MD5 is very weak, so is SHA1 these days which is why 2.1 uses bcrypt.

I guarantee no one here will consciously help you make your forum insecure. And if your uses found out you were storing passwords without encryption, they'd probably leave.

There are other ways to do what you're trying to do, which don't require making your site insecure but more details are needed, what are you trying to bridge to? Why is it so insecure in the first place?

Geezy

Quote from: Arantor on February 28, 2015, 01:21:52 AM
SMF hasn't used MD5 in a decade. Versions up to 2.0.9 use salted SHA1, 2.1 uses bcrypt. This is for security. MD5 is very weak, so is SHA1 these days which is why 2.1 uses bcrypt.

I guarantee no one here will consciously help you make your forum insecure. And if your uses found out you were storing passwords without encryption, they'd probably leave.

There are other ways to do what you're trying to do, which don't require making your site insecure but more details are needed, what are you trying to bridge to? Why is it so insecure in the first place?

Hmm, Sorry, maybe my answer is wrong because as he said not really understand English and therefore maybe not quite understand your answer, I understood a little. Well, as I also read SMF 1.x version uses MD5, Is that true ?. or what can you recommend me? Definitely smf you can not? I'll have to use another system? Please reply if using another system Please make MD5.

margarett

As far as I know, 1.1.x already uses sha1

MD5 is unsafe, that's why no one uses it these days. No, you cannot use it in SMF. As you can't use it in any other BB software that I know of...

Why do you need md5? What are you trying to do?
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Arantor

YaBBSE used MD5, I forget whether SMF 1.0 used MD5 back in 2004, but certainly 1.1 and 2.0 use SHA1. 2.1 doesn't use either MD5 or SHA1, it uses a much, much more secure system called Bcrypt which everyone should be moving to sooner rather than later.

Actually some other software still does use MD5 because they don't realise how insecure it is.

Advertisement: