Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product

In this Discussion

Changing hash method

nshusanshusa New
edited March 24 in Vanilla 2.5 Help

Is there a way currently we can change the default hash algorithm instead of using the "Vanilla Hash".

Comments

  • the question is why would you want to?

    yes you can define the PasswordHash class so it is include earlier than the autoloader to sit gets extended by Gdn_PasswordHash with the required methods HashPassword and CheckPassword.

    However phppass used by is stronger than the one used by wordpress and uses blowfish encryption as well. Unless you are an expert on hashes and cryptography, you unlikely better it. It is best not messed with.

    The other hashes include for compatibility with other framework are generally weaker.

    Remember that SSO is a different animal.

    grep is your friend.

    Linc
  • nshusanshusa New
    edited April 15

    @x00 said:
    the question is why would you want to?

    yes you can define the PasswordHash class so it is include earlier than the autoloader to sit gets extended by Gdn_PasswordHash with the required methods HashPassword and CheckPassword.

    However phppass used by is stronger than the one used by wordpress and uses blowfish encryption as well. Unless you are an expert on hashes and cryptography, you unlikely better it. It is best not messed with.

    The other hashes include for compatibility with other framework are generally weaker.

    Remember that SSO is a different animal.

    Because I previously had forum integration with my game. I used IPB and by default they use blowfish so I have the implementation all setup for blowfish. If I were to keep "Vanilla" as the default hash I would need Java implementation of it to use it in my server.

  • The logical thing to do would be to use Vanilla as the authority in a SSO arrangement.

    I don't know if ipb uses blowfish looking at the method used in garden it is of the form

    md5(md5($salt).md5($password));

    which isn't as good as blowshish.

    Note while some hashes are transportable, it is not a good mode of think to thinking of hashes as necessarily transferable.

    Btw Java has a fork of phppass

    https://github.com/Mollom/phpass-java

    grep is your friend.

Sign In or Register to comment.