How are the passwords encrypted?

Started by Cory94bailly, March 14, 2009, 06:18:01 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Cory94bailly

March 14, 2009, 06:18:01 PM
Hi, how are the passwords for smf encrypted?

I went SSI.php and saw this:
Code Select
function ssi_checkPassword($id = null, $password = null, $is_username = false)
{
global $db_prefix, $sourcedir;

// If $id is null, this was most likely called from a query string and should do nothing.
if ($id === null)
return;

$request = db_query("
SELECT passwd, memberName, is_activated
FROM {$db_prefix}members
WHERE " . ($is_username ? 'memberName' : 'ID_MEMBER') . " = '$id'
LIMIT 1", __FILE__, __LINE__);
list ($pass, $user, $active) = mysql_fetch_row($request);
mysql_free_result($request);

return sha1(strtolower($user) . $password) == $pass && $active == 1;
}

But (I think) that checks the username AND password, I only want to see how the passwords ALONE are encrypted...

Tristan Perry

#1
March 14, 2009, 06:22:58 PM Last Edit: March 14, 2009, 06:28:34 PM by Tristan Perry
It's encrypted via a randomly generated salt and sha1:

sha1($user_settings['passwd'] . $user_settings['password_salt'])

The salt is generated in Subs-Member.php:

'password_salt' => substr(md5(mt_rand()), 0, 4) ,

I *think* that "passwd" is based on the username and password. Again from Subs-Member.php:

sha1(strtolower($regOptions['username']) . $regOptions['password'])



I may be wrong, but to me the password system is:


  • Gets the username and password entered during registration, and encrypts it via sha1()
  • Generates a random salt which is 4 characters long based on the mt_rand() function, encrypted via md5()
  • Gets both of the above, concatenates them, and encrypts them via sha1()

Cory94bailly

#2
March 14, 2009, 06:41:47 PM
Quote from: Tristan Perry on March 14, 2009, 06:22:58 PM
It's encrypted via a randomly generated salt and sha1:

sha1($user_settings['passwd'] . $user_settings['password_salt'])

The salt is generated in Subs-Member.php:

'password_salt' => substr(md5(mt_rand()), 0, 4) ,

I *think* that "passwd" is based on the username and password. Again from Subs-Member.php:

sha1(strtolower($regOptions['username']) . $regOptions['password'])



I may be wrong, but to me the password system is:


  • Gets the username and password entered during registration, and encrypts it via sha1()
  • Generates a random salt which is 4 characters long based on the mt_rand() function, encrypted via md5()
  • Gets both of the above, concatenates them, and encrypts them via sha1()

If it gets a random number each time then how can I compare one that is being entered into a from -to- what's in the database?


(Btw, the question is if a user enters their password into a form, I want to check it with the one in the DB)

Cory94bailly

#3
March 14, 2009, 08:47:25 PM
(Sorry to bump but..)

This is kind of 'urgent' so please help me ;)

Cory94bailly

#4
March 14, 2009, 08:55:25 PM
Never mind..

Code Select
sha1(strtolower($user) . $passwd);
Print
Go Up Pages1
User actions
Advertisement: