IPB 4 password vs IPB 3

IndieIndeed · September 16, 2015

Is this still true?

$hash = md5( md5( $salt ) . md5( $password ) );

Source

TSP · September 16, 2015

No.

	/**
	 * Encrypt a plaintext password
	 *
	 * @param	string	$password	Password to encrypt
	 * @return	string	Encrypted password
	 * @todo	[Future] When we increase minimum PHP version, adjust blowfish to $2y$
	 */
	public function encryptedPassword( $password )
	{
		/* New password style introduced in IPS4 using Blowfish */
		if ( mb_strlen( $this->members_pass_salt ) === 22 )
		{
			return crypt( $password, '$2a$13$' . $this->members_pass_salt );
		}
		/* Old encryption style using md5 */
		else
		{
			return md5( md5( $this->members_pass_salt ) . md5( \IPS\Request::legacyEscape( $password ) ) );
		}
	}

Invision Community 5: Assign topics to moderators

Invision Community 4: Pages databases in Clubs

Invision Community 5: Live Topic Improvements

Invision Community 5: New Live Community Features

IPB 4 password vs IPB 3

Recommended Posts

IndieIndeed

Link to comment

Share on other sites

TSP

Link to comment

Share on other sites

Archived

Recently Browsing 0 members

Upcoming Events

Trending Content

More