VBulletin Password Encryption

Just in case if anyone is looking how the VB password encryption is done, it’s not like;

$hash=MD5($password)

the way that I thought at first, but it’s done in this way;

$hash=MD5(MD5($password)+$salt)

so that no identical encrypted strings are stored in the database.

Posted August 27th, 2006 by mightyhitter under VBulletin

 

7 Responses to “VBulletin Password Encryption”

  1. Mohan Says:
    February 10th, 2007 at 3:45 am

    Hi,

    How I will get the value for $salt variable.

    Mohan

  2. mightyhitter Says:
    February 10th, 2007 at 4:05 am

    It should be from the database itself.

  3. Mob1us Says:
    January 26th, 2008 at 4:23 pm

    I typed the following (the values for $password and $salt are correct)

    $password = “A”; // <- i’ve tried this with capital and lower-case “a”
    $salt = “EG-”; // <- same as above.

    echo “” . MD5(MD5($password)+$salt) . ““;
    What the database has and what my code prints out every time are different… are you sure that’s the correct schema for vBulletin? If so, what could I be doing wrong?

  4. Mob1us Says:
    January 26th, 2008 at 4:24 pm

    *Sorry, that bold part reads:

    echo MD5(MD5($password)+$salt);

  5. Ye Says:
    January 29th, 2008 at 4:46 pm

    MD5(MD5($password)+$salt)

    it should be:
    MD5(MD5($password).$salt)

  6. Akbar Says:
    February 1st, 2008 at 5:41 am

    How can I decrypt the VB password??

  7. Dolbex Says:
    May 12th, 2008 at 10:48 am

    Just trying to clear some things up for some people. You can’t really decrypt the md5 password, thats the whole point of md5 - it’s one way encryption.

    To get the salt you need to look in the vb_user table. If you are in vBulletin you can call the variable with this: $vbulletin->userinfo[’salt’]

Leave a Reply