Password encoding/decoding function (Expert PHP)

deadManN · #21 (**permalink**) 09-18-09, 01:48 AM

i request for small program .right?!
i say if you made that for me with two text box, i was atlast enable to check if salt attached to password field or it's date, since we had no other field like salt.
so if pasword was 675e62re472rw59dshseg i check if the first number (here 5) is salt or not, or its in other field, and find that field.

deadManN · #22 (**permalink**) 09-18-09, 01:53 AM

i got these:
ChitChat247.com Free Image Hosting File Viewer
ChitChat247.com Free Image Hosting File Viewer
ChitChat247.com Free Image Hosting File Viewer
ChitChat247.com Free Image Hosting File Viewer

End User · #23 (**permalink**) 09-19-09, 08:06 AM

Quote:

Originally Posted by deadManN

i request for small program .right?!
i say if you made that for me with two text box, i was atlast enable to check if salt attached to password field or it's date, since we had no other field like salt.

The code shows the salt being applied to the password field. The date is not used in conjunction with the password or the salt.

Also, a test form won't help you in this case, since you'd need to know the password and the salt in order to be able to recreate the final hash. If you knew what those two items were, you wouldn't need the test form.

$salt = random(6);
$password = md5(md5($password).$salt);

This clearly shows that first they create a random salt, then they append the salt to the password and MD5 it, then they MD5 the result again. The date isn't referenced in there at all.

wirehopper · #24 (**permalink**) 09-19-09, 08:24 AM

You could also use a password reset to look at the password and the encoding.

deadManN · #25 (**permalink**) 09-19-09, 10:13 AM

can we use their java code to encode and decode, like when they call java function to do that , we we call those java in other language , but we need just to know which file encode and decode the password

wirehopper · #26 (**permalink**) 09-19-09, 11:47 AM

If you have an existing installation, and access to the database, run through the password recovery process, or change the password, and then look at the database.

deadManN · #27 (**permalink**) 09-20-09, 01:50 AM

it's not the matter, i wanna to get advantage of forum user table, and use it in platform, so other user can connect with their exist user, and don't need to make any other username, and also we can give them point via forum ability , and mix their process

wirehopper · #28 (**permalink**) 09-20-09, 10:23 AM

Using the password recovery process may help you understand how the password is encoded, so you can do what you want to do.

deadManN · #29 (**permalink**) 09-26-09, 12:31 AM

lol, pass recovery just put new password, not same password from before
<srry for delat, i were on vacation>

Jcbones · #30 (**permalink**) 09-27-09, 01:03 AM

A more intelligent person than myself would take MY password, and append every six digit number that I can find on my user row in a sequence like.

echo md5(md5('bigSexy') . '123456');

and see if the hash matches.

But, alas, I'm not that smart...