Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Chris]

Ok. I have been trying to figure out the way the values are stored in the db for user passwords. (No, not trying to view them. Trying to match them so someone can login to their ns account to create a profile type setup).

So far, I have got it figured out to use the decode(`pass`,"MysqlSecure") ... However, when just messing with the sql of it, encode("my personal pass","MysqlSecure") doesnt = what should be in `pass`. I come a whole lot closer using encode(md5("my personal pass"),"MysqlSecure") (Im assuming because Im using enc_md5 in my encryption method). I can atleast get the right length... however, it obviously isnt right still.

Its a 32 length str, so md5 has to be involved somehow...
Yes, I am using a key, no it isnt MysqlSecure...
No, my pass isnt "my personal pass"... those were used as placeholders to hopefully help show what Im trying to achieve.

Please dont ask tiny questions such as "Are you sure your using MysqlSecure with a key, not as md5" or whatever. Not trying to insult someones intelligence here. Just please dont insult mine. 

Basically, all Im asking is what is the method to come up to the string that gets encoded with the key?
Examples would be amazing. 

EDIT: And because I forgot to say it, Im using 1.8.7. (I saw the last thread which was SOMEWHAT relevant to my interests... Just the reverse. =P)
With that being said, be nice... Im atleast on a current version. 

[Adam]

MysqlSecure is only useful with enc_none, with enc_md5 the passwords are already encrypted so it is not used.

[Chris]

Well, I kinda realized that it would be redundant completely after the fact. (Ie, I realized it about 2 hours ago when I started this project. Haha)
So, I will also accept advise on how to clear out the mysqlsecure key, so that I will only use md5, without ruining my db

Another Edit:
Would just commenting out (or setting to "") work for making the whole thing only md5? Or would I be able to set myself up for disaster.
Perhaps commenting out then an update command to os?
 

[Adam]

You don't need to clear the key it has no effect. I don't think our md5 is the same as php's md5() though, you could try with php's md5 raw binary output though and see if that matches.

[Chris]

Ok... Ill try it out. Thanks Adam. I shall return! 

[Chris]

Reults of trying to use raw binary for MD5 (Spoiler: It didnt go so well.  )

Code: [Select]

$md5_hash = md5("My pass", true);

echo "Your Userid: " . $user['nc_id'] . "<br />\n";
echo "md5_hash: " . $md5_hash ."<br />\n";
echo "pass from db: " . $user['pass'] ."<br />\n";

if ($user['pass'] == $md5_hash) { echo "Matched..."; }
else { echo "No Match..."; }
$user is the result of the db row. <-- Figured I would throw that out there just in case someone wants to ask...

Output:

Code: [Select]

Your Userid: 1
md5_hash: ޛ�׍~.�������
pass from db: ޛ�׍~.�������
No Match...

[Adam]

Loop through those and print out the byte values for each byte

[Chris]

Well now... That went very differently then I planned. Haha. But, it does work now. ^_^

Thanks for walking me through that Adam!!! ^_^
First time having to go about doing a byte by byte for an md5. Never would have thought about it.
I must say though, doing the byte for byte on the `pass` field, generated a BUNCH of 0's at the end. So for anyone else doing this, remember a md5 is only 128 bytes.