Password Encryption

4 posts by 3 authors in: Forums > CMS Builder
Last Post: March 6, 2012   (RSS)

By wcd - March 5, 2012

Can you tell me what type of encryption CMS Builder uses for the user passwords? We're trying to match up logins between two systems, which will depend upon whether they;re using the same type of encryption. Thanks!

Re: [multimedia_nj] Password Encryption

By Dave - March 6, 2012

Hi multimedia_nj,

You can find CMSB's password hashing function in /lib/login_functions.php in getPasswordDigest() and _getPasswordSalt().

It's basically sha1() with a prefix of '$sha1$' added along with a salt of 'd7w8e' to prevent precomputed dictionary attacks. See: http://en.wikipedia.org/wiki/Salt_(cryptography)

Here's some code to generate a CMSB encrypted password from a plaintext password:

$plaintext = "supernova"; // plaintext password
$encrypted = '$sha1$' . sha1($plaintext . 'd7w8e');
print $encrypted; // prints $sha1$2a8fa94af0fb5126d0c791160aa11835b5b251d3


Hope that helps, let me know if you have any other questions.
Dave Edis - Senior Developer
interactivetools.com

Re: [Dave] Password Encryption

By wcd - March 6, 2012

Thanks Ð I forwarded this to the developers of the other system and will let you know if we have any additional questions.