
IPB 4 password vs IPB 3


Is this still true?

 

$hash = md5( md5( $salt ) . md5( $password ) );

Source

No.

	/**
	 * Encrypt a plaintext password
	 *
	 * @param	string	$password	Password to encrypt
	 * @return	string	Encrypted password
	 * @todo	[Future] When we increase minimum PHP version, adjust blowfish to $2y$
	 */
	public function encryptedPassword( $password )
	{
		/* New password style introduced in IPS4 using Blowfish */
		if ( mb_strlen( $this->members_pass_salt ) === 22 )
		{
			return crypt( $password, '$2a$13$' . $this->members_pass_salt );
		}
		/* Old encryption style using md5 */
		else
		{
			return md5( md5( $this->members_pass_salt ) . md5( \IPS\Request::legacyEscape( $password ) ) );
		}
	}
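
Added example, not part of the original reply and not IPS code: a standalone check that verifies a stored hash under either scheme using the same salt-length rule as the method above, then re-hashes a legacy MD5 account with bcrypt after a successful login. The function names, the salt generator and the sample record are assumptions made for illustration, and `\IPS\Request::legacyEscape()` is left out.

```php
<?php
// Added example; function names are hypothetical, not part of IPS.

/** Same dispatch rule as encryptedPassword(): a 22-character salt means bcrypt. */
function hashScheme(string $salt): string
{
    return mb_strlen($salt) === 22 ? 'bcrypt' : 'legacy-md5';
}

/** Recompute the hash for either scheme and compare in constant time. */
function verifyMember(string $password, string $salt, string $stored): bool
{
    if (hashScheme($salt) === 'bcrypt') {
        $computed = crypt($password, '$2a$13$' . $salt);
        // crypt() reports failure with a short "*0"/"*1" string, never 60 chars
        if (strlen($computed) !== 60) {
            return false;
        }
    } else {
        // Assumption: \IPS\Request::legacyEscape() is omitted, so this matches
        // only passwords that the escaping step would not change.
        $computed = md5(md5($salt) . md5($password));
    }
    return hash_equals($stored, $computed);
}

/** After a successful legacy login, build the salt and bcrypt hash to store. */
function upgradeLegacy(string $password): array
{
    // Assumption: 22 random characters drawn from the bcrypt alphabet ./A-Za-z0-9
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return ['salt' => $salt, 'hash' => crypt($password, '$2a$13$' . $salt)];
}

// Constructed sample record in the old format (not real data).
$salt   = 'a1B2c';
$stored = md5(md5($salt) . md5('correct horse'));

var_dump(hashScheme($salt));
var_dump(verifyMember('wrong guess', $salt, $stored));

if (verifyMember('correct horse', $salt, $stored)) {
    // Legacy login succeeded: replace the MD5 record with a bcrypt one.
    $new = upgradeLegacy('correct horse');
    var_dump(hashScheme($new['salt']));
    var_dump(verifyMember('correct horse', $new['salt'], $new['hash']));
}
```

Running the same `hashScheme()` test over the member table shows how many accounts still carry the old salted-MD5 hash and would be the cheapest to crack if the database leaked.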

 

Archived

This topic is now archived and is closed to further replies.
