Guest qraphic
Posted January 8, 2011

Hi,

What's the admin or customers password encryption? How is my password stored in the MySQL database?

For example: I change my password to '1' and I saw my password stored in the database as '513d9d1d240e7b26bc6e2a20c1a0d6e7'. It's not MD5, so what's this? How can I decode '513d9d1d240e7b26bc6e2a20c1a0d6e7' to '1' again?

bsmither
Posted January 8, 2011

It is, in fact, MD5. And as you probably know, MD5 is built specifically to be unable to be reversed. That said, there is something called "rainbow tables" but I have no knowledge of those.

Guest qraphic
Posted January 8, 2011

> It is, in fact, MD5. And as you probably know, MD5 is built specifically to be unable to be reversed. That said, there is something called "rainbow tables" but I have no knowledge of those.

It's not MD5 because, for example, encode '1' by MD5 then it will be 'C4CA4238A0B923820DCC509A6F75849B', but if you see in your database then you find your password is '513d9d1d240e7b26bc6e2a20c1a0d6e7'.

vokf
Posted January 8, 2011

> > It is, in fact, MD5. And as you probably know, MD5 is built specifically to be unable to be reversed. That said, there is something called "rainbow tables" but I have no knowledge of those.
>
> It's not MD5 because, for example, encode '1' by MD5 then it will be 'C4CA4238A0B923820DCC509A6F75849B', but if you see in your database then you find your password is '513d9d1d240e7b26bc6e2a20c1a0d6e7'.

CubeCart4 (I'm not in a position to check CC3) "salts" the password by adding a random string before running the MD5. The salt value is stored in the admin user table with the MD5 password (which also includes the salt value).

So - when you enter an admin password, the script will retrieve the SALT value from the DB, and recreate the MD5 value from the supplied password. This will be compared to the value held inside the DB password field for that user.

SALTing the value is much more secure - and prevents the "rainbow tables" style of attack.

More info on MD5 and SALTing: http://en.wikipedia.org/wiki/MD5
...and info on Rainbow Tables: http://en.wikipedia.org/wiki/Rainbow_table

With the MD5 being generated from the password AND a random value - the Rainbow Table attack will not work, and a collision will only provide the SALT + Password string (so inputting this to the admin login will fail unless you remove the SALT value).

Interesting stuff though - I've used MD5 for hashing values on lots of projects, but don't pretend to be an expert in cryptology!

Jason

bsmither
Posted January 8, 2011

Can I ask you to verify the version of CubeCart you are using? Does the table you are examining for the customers include a column named 'salt'?

In CC3.0.20, /includes/content/reg.inc.php, here is the data record element:

    $record["password"] = $db->mySQLSafe(md5($_POST['password']));

So, password:1 is c4ca4238a0b923820dcc509a6f75849b

In CC4.4.3, /includes/content/reg.inc.php, here is the data record element:

    $salt = randomPass(6);
    $record['salt'] = "'".$salt."'";
    $record['password'] = $db->mySQLSafe(md5(md5($salt).md5($_POST['password'])));

So, the password includes a salt (let's say 123456). Then, password:1 is e3b26461547fd67414fe44260a510499

But because salt is random, the overall md5'd password is random. Thus the need for the 'salt' column to record the salt used in creating the password.

Sorry, but asking if the case may be that you are using CC version4 is the only explanation I have to explain the discrepancy.

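Added example (not part of the thread and not CubeCart's own code): the two storage schemes quoted above, the recompute-and-compare check vokf describes, and a small audit that flags unsalted rows and accounts sharing a hash. The helper names, the `email` column, the use of an empty `salt` to mean "no salt", and the sample rows are assumptions constructed for illustration.

```php
<?php
// Hypothetical helpers written for this illustration; not CubeCart functions.

// CubeCart 3 style as quoted above: plain MD5 of the password.
function cc3_hash(string $password): string {
    return md5($password);
}

// CubeCart 4 style as quoted above: md5(md5(salt) . md5(password)).
function cc4_hash(string $salt, string $password): string {
    return md5(md5($salt) . md5($password));
}

// Recompute the hash from the stored salt (empty salt = unsalted row, an
// assumption of this example) and compare in constant time.
function verify_row(array $row, string $candidate): bool {
    $expected = ($row['salt'] === '')
        ? cc3_hash($candidate)
        : cc4_hash($row['salt'], $candidate);
    return hash_equals(strtolower($row['password']), $expected);
}

// Flag rows stored without a salt and groups of accounts sharing one hash.
function audit_rows(array $rows): array {
    $unsalted = [];
    $byHash = [];
    foreach ($rows as $row) {
        if ($row['salt'] === '') {
            $unsalted[] = $row['email'];
        }
        $byHash[strtolower($row['password'])][] = $row['email'];
    }
    $shared = array_filter($byHash, fn($emails) => count($emails) > 1);
    return ['unsalted' => $unsalted, 'shared_hash' => array_values($shared)];
}

// Constructed sample rows: every account uses the password "1".
$rows = [
    ['email' => 'a@example.test', 'salt' => '',       'password' => cc3_hash('1')],
    ['email' => 'b@example.test', 'salt' => '',       'password' => cc3_hash('1')],
    ['email' => 'c@example.test', 'salt' => '123456', 'password' => cc4_hash('123456', '1')],
    ['email' => 'd@example.test', 'salt' => 'k9Qz2x', 'password' => cc4_hash('k9Qz2x', '1')],
];

var_dump(verify_row($rows[2], '1'));   // salted row checked against the right password
var_dump(verify_row($rows[2], '2'));   // salted row checked against a wrong password
print_r(audit_rows($rows));            // unsalted accounts and shared-hash groups
```

The two unsalted rows store the same value, which is why one precomputed table entry covers both, while the salted rows differ even though the password is the same. A salt does not make MD5 any slower to compute, so new code should use a deliberately slow password hash such as PHP's `password_hash()`.
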
vokf
Posted January 9, 2011

Sorry Brian - I've just realised, this was in a CC3 area. I checked a CC4 database! My mistake.

It therefore looks like CC3 IS vulnerable to MD5 collisions (but the brute-force login check *should* stop those).

Jason

Guest qraphic
Posted January 9, 2011

> Can I ask you to verify the version of CubeCart you are using? Does the table you are examining for the customers include a column named 'salt'?
>
> In CC3.0.20, /includes/content/reg.inc.php, here is the data record element:
>
>     $record["password"] = $db->mySQLSafe(md5($_POST['password']));
>
> So, password:1 is c4ca4238a0b923820dcc509a6f75849b
>
> In CC4.4.3, /includes/content/reg.inc.php, here is the data record element:
>
>     $salt = randomPass(6);
>     $record['salt'] = "'".$salt."'";
>     $record['password'] = $db->mySQLSafe(md5(md5($salt).md5($_POST['password'])));
>
> So, the password includes a salt (let's say 123456). Then, password:1 is e3b26461547fd67414fe44260a510499
>
> But because salt is random, the overall md5'd password is random. Thus the need for the 'salt' column to record the salt used in creating the password.
>
> Sorry, but asking if the case may be that you are using CC version4 is the only explanation I have to explain the discrepancy.

Yes, I have 'Salt' Column. So if I know Salt then can it help me for recover password quickly!

bsmither
Posted January 9, 2011

"Yes, I have 'Salt' column."

You have a 'salt' column. That means you have CC4 (or a modified version of CC3).

"If I know Salt then can it help me for recover password quickly!"

No. There are a limited number of MD5 hashes (65K^8) while there are an infinite number of potential passwords. While you may find a password that will get you the same MD5 hash, you will never know if it is the original password.