Password Encryption
4 posts by 3 authors in: Forums > CMS Builder
Last Post: March 6, 2012 (RSS)
By wcd - March 5, 2012
Can you tell me what type of encryption CMS Builder uses for the user passwords? We're trying to match up logins between two systems, which will depend upon whether they;re using the same type of encryption. Thanks!
Re: [multimedia_nj] Password Encryption
By Damon - March 5, 2012
Hi,
Send in an email to support@interactivetools.com and include a link to this post (http://www.interactivetools.com/forum/gforum.cgi?post=92426#92426) and I will have one of our programmers email you directly with details.
Thanks!
Send in an email to support@interactivetools.com and include a link to this post (http://www.interactivetools.com/forum/gforum.cgi?post=92426#92426) and I will have one of our programmers email you directly with details.
Thanks!
Cheers,
Damon Edis - interactivetools.com
Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/
Damon Edis - interactivetools.com
Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/
Re: [multimedia_nj] Password Encryption
By Dave - March 6, 2012
Hi multimedia_nj,
You can find CMSB's password hashing function in /lib/login_functions.php in getPasswordDigest() and _getPasswordSalt().
It's basically sha1() with a prefix of '$sha1$' added along with a salt of 'd7w8e' to prevent precomputed dictionary attacks. See: http://en.wikipedia.org/wiki/Salt_(cryptography)
Here's some code to generate a CMSB encrypted password from a plaintext password:
Hope that helps, let me know if you have any other questions.
You can find CMSB's password hashing function in /lib/login_functions.php in getPasswordDigest() and _getPasswordSalt().
It's basically sha1() with a prefix of '$sha1$' added along with a salt of 'd7w8e' to prevent precomputed dictionary attacks. See: http://en.wikipedia.org/wiki/Salt_(cryptography)
Here's some code to generate a CMSB encrypted password from a plaintext password:
$plaintext = "supernova"; // plaintext password
$encrypted = '$sha1$' . sha1($plaintext . 'd7w8e');
print $encrypted; // prints $sha1$2a8fa94af0fb5126d0c791160aa11835b5b251d3Hope that helps, let me know if you have any other questions.
Dave Edis - Senior Developer
interactivetools.com
interactivetools.com
Re: [Dave] Password Encryption
By wcd - March 6, 2012
Thanks Ð I forwarded this to the developers of the other system and will let you know if we have any additional questions.