MyBB Tutorials

Improved Password Encryption

Submitted by Zenith, , Thread ID: 23377

Thread Closed
13-10-2016, 04:42 AM
#1
Hi Rikka Smile

This makes it exceedingly difficult for an attacker to decrypt the password hashes on your forum. I recommend doing this while you have a small amount of members on your forum.

First up, open inc/functions_user.php in your favourite text editor, search for the following function.
PHP Code:

PHP Code:
Code:
functionsalt_password($password,$salt)
{
returnmd5(md5($salt).$password);
}


Come up with a random 5 character long combination of letters and numbers, I'm going to use 3g45h in the example.

Modify the above function so that it looks like this:
PHP Code:

PHP Code:
Code:
functionsalt_password($password,$salt)
{
returnmd5(md5(md5($salt).$password)."3g45h");
}


It may seem a little overboard, but the security of your members passwords is the most important thing.

Open PHPMyAdmin and navigate to your mybb_users table, manually update each users password, by following the next step.
Openhttp://www.adamek.biz/md5-generator.phpthen enter the users current password hash, with your 5 random characters at the end.

For example.
Code:

Code:
Code:
1a79a4d60de6718e8e5b326e338ae533


Becomes

Code:

Code:
Code:
1a79a4d60de6718e8e5b326e338ae5333g45h


Click "Calculate MD5".

Copy the new hash and replace the users old password.

Upload your modified functions_user.php to your server.

Now if an attacker attempts to crack the hashes, it's useless unless they know your 5 random characters.

[Image: Yp8ZHSk.gif]

RE: Improved Password Encryption

#2
I can't think of anything other that "rikka".. lol

Thanks for the guide, useful

RE: Improved Password Encryption

#3
I'll be doing this tonight, a very nice and simple guide. Thanks OP
1

RE: Improved Password Encryption

#4
this is what i need for my forum , and this will be useful.. thanks for this guide OP

RE: Improved Password Encryption

#5
Very nice anduseful , thanks for the guide,

RE: Improved Password Encryption

#6
Its time to secure our credentials. Thanks

RE: Improved Password Encryption

#7
This was just what i was looking for. Thank you!

Users browsing this thread: 3 Guest(s)