Password Hashing

[Monk]

Hi

 

I'm writing a couple of plugins, but I need to know what kind of hashing you are using for the password functions.. is it some type of hand rolled function? or is it a API that isn't posix ready..

 

mysql> SELECT Password FROM tc_users WHERE User_ID="Testz0r"; 
+--------------------------+
| Password                 |
+--------------------------+
| H0Of1A9wD/L4OBovEuHYZw== | 
+--------------------------+
1 row in set (0.00 sec)

 

At first I thought it was a crypt function, but it's not. It's not MD5, so is it SHA? DES?

[jcroom]

do a SELECT *, there are two columns one is called password and one is called MD5_PASSWORD

 

hope that helps

[Monk]

MD5_Password is NULL.

[jcroom]

Really? Checking through my DB there are no NULL rows in that column...

[jcroom]

mysql> SELECT * FROM tc_users WHERE MD5_PASSWORD IS NULL;
Empty set (0.02 sec)

[Monk]

doesn't work anyways. The MD5 sum is a sum of the Password, but the password function is some weird hash. It's not DES/crypt

[Monk]

Actually, nevermind. It does work.

 

..

Back to code hacking..

[jcroom]

Good luck

[Stealth]

I noticed that MD5_PASSWORD has not always been in the tcadmin database. Very old users may not have MD5 password generated. however, if the user changes their password, md5 will work.

 

You can use the SDK to read the hashed pass and create the MD5, or if you're adding users straight to the database make sure you set the MD5 pass.

 

Rgs

-Paul