Upgrade now, save 50% off for a limited time! Click here to upgrade.

[MyBB] Improved password encryption.
#1
This makes it exceedingly difficult for an attacker to decrypt the password hashes on your forum. I recommend doing this while you have a small amount of members on your forum.

First up, open inc/functions_user.php in your favourite text editor, search for the following function.
PHP Code:

PHP Code:
function salt_password($password, $salt)
{
    return md5(md5($salt).$password);
}
  

Come up with a random 5 character long combination of letters and numbers, I'm going to use 3g45h in the example.

Modify the above function so that it looks like this:
PHP Code:

PHP Code:
function salt_password($password, $salt)
{
    return md5(md5(md5($salt).$password)."3g45h");
}
  

It may seem a little overboard, but the security of your members passwords is the most important thing.

Open PHPMyAdmin and navigate to your mybb_users table, manually update each users password, by following the next step.
Open http://www.adamek.biz/md5-generator.php then enter the users current password hash, with your 5 random characters at the end.

For example.
Code:

Code:
1a79a4d60de6718e8e5b326e338ae533

Becomes

Code:

Code:
1a79a4d60de6718e8e5b326e338ae5333g45h

Click "Calculate MD5".

Copy the new hash and replace the users old password.

Upload your modified functions_user.php to your server.

Now if an attacker attempts to crack the hashes, it's useless unless they know your 5 random characters.

Add me on steam  Yus
My steam graphics service -> here
[-] The following 1 user Likes Devourz's post:
  • Red
Reply
#2
(10-07-2016, 09:27 PM)Devourz Wrote: snip

Very nice man, thank you for sharing this! This will come in handy. Heart

Are you a guest to this site? Click the image below and sign up today!
[Image: FTYbRmR.gif]
[-] The following 1 user Likes Red's post:
  • Devourz
Reply
#3
Nice tutorial, I suggest using BCRYPT though.

[Image: py063Fi.png]
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)