MyBB Tutorials
Improved Password Encryption
Submitted by Zenith, 13-10-2016, 04:42 AM, Thread ID: 23377
Thread Closed
Hi Rikka 
This makes it exceedingly difficult for an attacker to decrypt the password hashes on your forum. I recommend doing this while you have a small amount of members on your forum.
First up, open inc/functions_user.php in your favourite text editor, search for the following function.
PHP Code:
PHP Code:
Come up with a random 5 character long combination of letters and numbers, I'm going to use 3g45h in the example.
Modify the above function so that it looks like this:
PHP Code:
PHP Code:
It may seem a little overboard, but the security of your members passwords is the most important thing.
Open PHPMyAdmin and navigate to your mybb_users table, manually update each users password, by following the next step.
Openhttp://www.adamek.biz/md5-generator.phpthen enter the users current password hash, with your 5 random characters at the end.
For example.
Code:
Code:
Becomes
Code:
Code:
Click "Calculate MD5".
Copy the new hash and replace the users old password.
Upload your modified functions_user.php to your server.
Now if an attacker attempts to crack the hashes, it's useless unless they know your 5 random characters.
This makes it exceedingly difficult for an attacker to decrypt the password hashes on your forum. I recommend doing this while you have a small amount of members on your forum.
First up, open inc/functions_user.php in your favourite text editor, search for the following function.
PHP Code:
PHP Code:
Code:
functionsalt_password($password,$salt)
{
returnmd5(md5($salt).$password);
}Come up with a random 5 character long combination of letters and numbers, I'm going to use 3g45h in the example.
Modify the above function so that it looks like this:
PHP Code:
PHP Code:
Code:
functionsalt_password($password,$salt)
{
returnmd5(md5(md5($salt).$password)."3g45h");
}It may seem a little overboard, but the security of your members passwords is the most important thing.
Open PHPMyAdmin and navigate to your mybb_users table, manually update each users password, by following the next step.
Openhttp://www.adamek.biz/md5-generator.phpthen enter the users current password hash, with your 5 random characters at the end.
For example.
Code:
Code:
Code:
1a79a4d60de6718e8e5b326e338ae533Becomes
Code:
Code:
Code:
1a79a4d60de6718e8e5b326e338ae5333g45hClick "Calculate MD5".
Copy the new hash and replace the users old password.
Upload your modified functions_user.php to your server.
Now if an attacker attempts to crack the hashes, it's useless unless they know your 5 random characters.
![[Image: Yp8ZHSk.gif]](https://i.imgur.com/Yp8ZHSk.gif)
RE: Improved Password Encryption
30-10-2016, 03:48 PM
#2 RE: Improved Password Encryption
07-11-2016, 05:21 PM
#4 RE: Improved Password Encryption
07-11-2016, 06:56 PM
#5 RE: Improved Password Encryption
21-12-2016, 06:17 PM
#6 RE: Improved Password Encryption
03-07-2017, 09:09 PM
#7 Users browsing this thread: 1 Guest(s)