| Author |
Message |
firedemon666
Hangin' Around
Joined: Apr 28, 2006
Posts: 31
|
 Posted:
Mon May 01, 2006 9:42 pm |
 
|
OK guys. I am relatively new to PHP nuke and could use just a tad bit of help here. After fumbling with MD5 hashes I realized how relatively easy they are to crack. If I wanted to up the ante on our site from MD5 to SHA256 encryption with this:
How would I go about implementing the files? Or if it is too much of a hassle, is it at least possible to change the encryption to SHA1?
Many thanks in advance  |
|
|
|
|
Rumbaar
Regular
Joined: Apr 16, 2004
Posts: 78
Location: Melbourne, Australia
|
| Posted:
Tue May 02, 2006 2:12 am |
|
Well I can't offer any implementation tips or info. But I have to say that currently on anything under a cluster server any password with 9+ character will be relatively un-crackable even for MD5 hash.
It's all about password size/combination that is ever the issue with MD5 hash. |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Tue May 02, 2006 6:08 am |
|
Yes, and stay away from passwords with words that can be found in the dictionary. Off combinations of lower case and upper case letters and numbers works best. You can also throw in a special character, but be forewarned that some will not work with Nuke. |
|
|
|
|
|
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511
|
| Posted:
Tue May 02, 2006 12:04 pm |
|
Here is a solution we have been using.
$password = md5(md5(md5(md5(md5($password)))));
Try breaking a two letter password that has been hashed 5x. 
Also I think sh1 has also been broken. |
|
|
|
|
|
firedemon666
Hangin' Around
Joined: Apr 28, 2006
Posts: 31
|
| Posted:
Thu May 04, 2006 8:22 pm |
|
Hmmmm. What file would i modify with the 5x script? |
|
|
|
|
|
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511
|
| Posted:
Thu May 04, 2006 11:23 pm |
|
I dont remember the default place in standard nuke. It would be in YA, just look for MD5 |
|
|
|
|
|
firedemon666
Hangin' Around
Joined: Apr 28, 2006
Posts: 31
|
| Posted:
Sat May 06, 2006 6:56 pm |
|
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Sat May 06, 2006 11:32 pm |
|
|
|
|
|
firedemon666
Hangin' Around
Joined: Apr 28, 2006
Posts: 31
|
| Posted:
Sat May 06, 2006 11:32 pm |
|
|
|
|
|
Eagle2
New Member
Joined: Nov 02, 2005
Posts: 24
|
| Posted:
Sat Jun 03, 2006 7:56 am |
|
| technocrat wrote: | Here is a solution we have been using.
$password = md5(md5(md5(md5(md5($password)))));
Try breaking a two letter password that has been hashed 5x.
Also I think sh1 has also been broken. |
First of all, hello to all and thanks for all your help guys!
I don't want to open a new topic cuz you'll see two similar topic...and I know that it's not so good.
My question is simple:
I've the CNB_YourAccount 750 4.4.2...the latest, for what I know, and, as you well know, the YourAccount module is all different from the original one...so...where should I search to change the code that you wrote?
I searched in the index.php and I found it but...is it the only change to do? I mean...how the de-encryption works and... should I change something there too?
I really would thank you for all your help guys, you're a really great community.
Best Regards. |
|
|
|
|
|
firedemon666
Hangin' Around
Joined: Apr 28, 2006
Posts: 31
|
| Posted:
Sat Jun 03, 2006 7:59 am |
|
I only changed the code in one file and the site seems to work perfectly. I can't remember which file it was I modded but if you give me about a week until my PC is fixed I can help you out.
Best of luck. |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
