Author |
Message |
firedemon666
Hangin' Around
Joined: Apr 28, 2006
Posts: 31
|
Posted:
Mon May 01, 2006 9:42 pm |
|
OK guys. I am relatively new to PHP nuke and could use just a tad bit of help here. After fumbling with MD5 hashes I realized how relatively easy they are to crack. If I wanted to up the ante on our site from MD5 to SHA256 encryption with this:
[ Only registered users can see links on this board! Get registered or login! ]
How would I go about implementing the files? Or if it is too much of a hassle, is it at least possible to change the encryption to SHA1?
Many thanks in advance |
|
|
|
|
Rumbaar
Regular
Joined: Apr 16, 2004
Posts: 78
Location: Melbourne, Australia
|
Posted:
Tue May 02, 2006 2:12 am |
|
Well I can't offer any implementation tips or info. But I have to say that currently on anything under a cluster server any password with 9+ character will be relatively un-crackable even for MD5 hash.
It's all about password size/combination that is ever the issue with MD5 hash. |
_________________ Victim's aren't we all! |
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Tue May 02, 2006 6:08 am |
|
|
|
|
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511
|
Posted:
Tue May 02, 2006 12:04 pm |
|
Here is a solution we have been using.
$password = md5(md5(md5(md5(md5($password)))));
Try breaking a two letter password that has been hashed 5x.
Also I think sh1 has also been broken. |
_________________ Nuke-Evolution
phpBB-Evolution / phpBB-Evolution Blog |
|
|
|
firedemon666
|
Posted:
Thu May 04, 2006 8:22 pm |
|
Hmmmm. What file would i modify with the 5x script? |
|
|
|
|
technocrat
|
Posted:
Thu May 04, 2006 11:23 pm |
|
I dont remember the default place in standard nuke. It would be in YA, just look for MD5 |
|
|
|
|
firedemon666
|
Posted:
Sat May 06, 2006 6:56 pm |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Sat May 06, 2006 11:32 pm |
|
|
|
|
firedemon666
|
Posted:
Sat May 06, 2006 11:32 pm |
|
|
|
|
Eagle2
New Member
Joined: Nov 02, 2005
Posts: 24
|
Posted:
Sat Jun 03, 2006 7:56 am |
|
technocrat wrote: | Here is a solution we have been using.
$password = md5(md5(md5(md5(md5($password)))));
Try breaking a two letter password that has been hashed 5x.
Also I think sh1 has also been broken. |
First of all, hello to all and thanks for all your help guys!
I don't want to open a new topic cuz you'll see two similar topic...and I know that it's not so good.
My question is simple:
I've the CNB_YourAccount 750 4.4.2...the latest, for what I know, and, as you well know, the YourAccount module is all different from the original one...so...where should I search to change the code that you wrote?
I searched in the index.php and I found it but...is it the only change to do? I mean...how the de-encryption works and... should I change something there too?
I really would thank you for all your help guys, you're a really great community.
Best Regards. |
|
|
|
|
firedemon666
|
Posted:
Sat Jun 03, 2006 7:59 am |
|
I only changed the code in one file and the site seems to work perfectly. I can't remember which file it was I modded but if you give me about a week until my PC is fixed I can help you out.
Best of luck. |
|
|
|
|
|