Blog Documentation Book a Demo
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

md5 hash to passwords vanilla

kelvinkelvin
edited April 2009 in Vanilla 1.0 Help
how to change md5 hash to password from db vanilla
md5:
1a36591bceec49c832079e270d7e8b73

db vanilla:
$P$BPu472N06KjuZswjp9oIjou2K7ZV2t.

both are not same, how can I convert with this hash?

Comments

  • DinoboffDinoboff
    edited December 2008
    You can't you need the real password. Vanilla is using phpass to create (and check against) the new hash. We have extended it (PeoplePasswordHash) so that can also use md5 hash to check the password (and create a new hash if a md5 hash is used): http://lussumo.com/svn/people/tags/People-1.1.5/People.Class.PasswordHash.php
  • kelvinkelvin
    forget it, I use addon Md5authenticator
    do you know about Md5authenticator?
  • SubJunkSubJunk ✭✭
    I guess that was a test password because "blablabla" is easily crackable :)
  • sirlancelotsirlancelot New
    edited December 2008
    MD5 should not be used for passwords. It is very easy to crack, as SubJunk pointed out above.

    Case in point: http://passcracking.com/
    Also: http://md5-db.com/
  • kelvinkelvin
    thanks for your helpful.
    can someone write a example source?
    that is important for me, I need a example source from phpbb to vanilla of member list..
    phpbbb uses md5, I know that is bad. how can I convert to passwords vanilla? someone better idea?
  • DinoboffDinoboff
    The password are converted when the users log-in. It can use md5 password.
  • gprestongpreston
    Might be worth just forcing all users to reset their password on the new system? Kind of the brute force way to deal with it
  • kelvinkelvin
    good idea about reset password...
    @dinoboff,
    you mean I can use with md5, this will convert automatic to phpass?
  • sirlancelotsirlancelot New
    Vanilla will recognize both MD5 and PHPass in its database. When a user logs in to Vanilla and authenticates to an MD5 hash of their password, it is converted on-the-fly to PHPass and then saved back to the database. The MD5 hash is destroyed during this action, seemlessly securing any user account that logs in.
  • kelvinkelvin
    thank for your tipp, you mean this will automatic convert, if I put md5 hash in db of vanilla Or I should code a convert from md5 to phpass? kelvin
  • sirlancelotsirlancelot New
    You can't convert them yourself without knowing their password. "...it is converted on-the-fly to PHPass and then saved back to the database." # 10
  • kelvinkelvin
    sorry, I didnt read. yeah on-the-fly easy nice..thanks for support
  • travisjefferytravisjeffery
    Is there a way to set the type of hash when passwords that are changed? By default it uses the phpass but I need it to be md5.
  • DinoboffDinoboff
    See this discussion: http://lussumo.com/community/discussion/8609/2/vanilla-password-security/
  • BentotBentot New
    How do I translate this to alphanumeric?

    md5:
    1a36591bceec49c832079e270d7e8b73
  • sirlancelotsirlancelot New
    @Bentot, MD5 is alphanumeric. alphanumeric = Letters & Numbers

    The secret to that MD5 though is "blablabla"
Sign In or Register to comment.