Jump to content

What's the password encryption?


Guest qraphic

Recommended Posts

Guest qraphic

Hi,

What's the admin or customers password encryption?

how my password stored in MYSQL database?

For example:

I change my password to '1'

and i saw my password stored in database '513d9d1d240e7b26bc6e2a20c1a0d6e7'

it's not MD5 so what's this?

How i can decode '513d9d1d240e7b26bc6e2a20c1a0d6e7' to '1' again?

Link to comment
Share on other sites

Guest qraphic

It is, in fact, MD5. And as you probably know, MD5 is built specifically to be unable to be reversed. That said, there is something called "rainbow tables" but I have no knowledge of those.

It;s not MD5 because for example Encode '1' by MD5 then it will be 'C4CA4238A0B923820DCC509A6F75849B'

but if you see in your database then u find your password is '513d9d1d240e7b26bc6e2a20c1a0d6e7'

Link to comment
Share on other sites

It is, in fact, MD5. And as you probably know, MD5 is built specifically to be unable to be reversed. That said, there is something called "rainbow tables" but I have no knowledge of those.

It;s not MD5 because for example Encode '1' by MD5 then it will be 'C4CA4238A0B923820DCC509A6F75849B'

but if you see in your database then u find your password is '513d9d1d240e7b26bc6e2a20c1a0d6e7'

CubeCart4 (I'm not in a positjon to check CC3) "salts" the password by adding a random string, before running the MD5.

The salt value is stored in the admin user table with the MD5 password (which also includes the salt value)

So - when you enter an admin password, the scipt will retrieve the SALT value from the DB, and recreate the MD5 value from the supplied password. This will be compared to the value held inside the DB password field for that user.

SALTing the value is much more secure - and prevents the "rainbow tables" style of attack.

More info on MD5 and SALTing;

http://en.wikipedia.org/wiki/MD5

..and info on Rainbow Tables;

http://en.wikipedia.org/wiki/Rainbow_table

With the MD5 being generated from the password AND a random value - the Rainbow Table attack will not work, and a collision will only provide the SALT + Password string. (so inputting this to the admin login will fail unless you remove the SALT value.

Interesting stuff thou - I've used MD5 for hashing values on lots of projects, but don't pretend to be an expert in cryptology!

Jason

Link to comment
Share on other sites

Can I ask you to verify the version of CubeCart you are using? Does the table you are examining for the customers include a column named 'salt'?

In CC3.0.20, /includes/content/reg.inc.php, here is the data record element:

$record["password"] = $db->mySQLSafe(md5($_POST['password']));

So, password:1 is c4ca4238a0b923820dcc509a6f75849b

In CC4.4.3, /includes/content/reg.inc.php, here is the data record element:

$salt = randomPass(6);

$record['salt'] = "'".$salt."'";

$record['password'] = $db->mySQLSafe(md5(md5($salt).md5($_POST['password'])));

So, the password includes a salt (let's say 123456). Then, password:1 is e3b26461547fd67414fe44260a510499

But because salt is random, the overall md5'd password is random. Thus the need for the 'salt' column to record the salt used in creating the password.

Sorry, but asking if the case may be that you are using CC version4 is the only explanation I have to explain the discrepancy.

Link to comment
Share on other sites

Sorry Brian- I've just realised, this was in a CC3 area. I checked a CC4 database!

My mistake. It therefore looks like CC3 IS vulnerable to MD5 collisions (but the brute-force login check *should* stop those)

Jason

Link to comment
Share on other sites

Guest qraphic

Can I ask you to verify the version of CubeCart you are using? Does the table you are examining for the customers include a column named 'salt'?

In CC3.0.20, /includes/content/reg.inc.php, here is the data record element:

$record["password"] = $db->mySQLSafe(md5($_POST['password']));

So, password:1 is c4ca4238a0b923820dcc509a6f75849b

In CC4.4.3, /includes/content/reg.inc.php, here is the data record element:

$salt = randomPass(6);

$record['salt'] = "'".$salt."'";

$record['password'] = $db->mySQLSafe(md5(md5($salt).md5($_POST['password'])));

So, the password includes a salt (let's say 123456). Then, password:1 is e3b26461547fd67414fe44260a510499

But because salt is random, the overall md5'd password is random. Thus the need for the 'salt' column to record the salt used in creating the password.

Sorry, but asking if the case may be that you are using CC version4 is the only explanation I have to explain the discrepancy.

Yest, I have 'Salt' Column. So if i know Salt then can it help me for recover password quickly!

Link to comment
Share on other sites

"Yes, I have 'Salt' column."

You have a 'salt' column. That means you have CC4 (or a modified version of CC3).

"If I know Salt then can it help me for recover password quickly!"

No. There are a limited number of MD5 hashes (65K^8) while there are an infinite number of potential passwords. While you may find a password that will get you the same MD5 hash, you will never know if it is the original password.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...