SHA256 Encryption

Hangin' Around Joined: Apr 28, 2006 Posts: 31

OK guys. I am relatively new to PHP nuke and could use just a tad bit of help here. After fumbling with MD5 hashes I realized how relatively easy they are to crack. If I wanted to up the ante on our site from MD5 to SHA256 encryption with this:

http://dev.barad-dur.nl/sha256/

How would I go about implementing the files? Or if it is too much of a hassle, is it at least possible to change the encryption to SHA1?

Many thanks in advance Smile

Posted: Tue May 02, 2006 2:12 am

Well I can't offer any implementation tips or info. But I have to say that currently on anything under a cluster server any password with 9+ character will be relatively un-crackable even for MD5 hash.

It's all about password size/combination that is ever the issue with MD5 hash.

registered · Posted: Tue May 02, 2006 6:08 am

Yes, and stay away from passwords with words that can be found in the dictionary. Off combinations of lower case and upper case letters and numbers works best. You can also throw in a special character, but be forewarned that some will not work with Nuke.

registered · Posted: Tue May 02, 2006 12:04 pm

Here is a solution we have been using.

$password = md5(md5(md5(md5(md5($password)))));

Try breaking a two letter password that has been hashed 5x. Wink

Also I think sh1 has also been broken.

Posted: Thu May 04, 2006 8:22 pm

Hmmmm. What file would i modify with the 5x script?

Posted: Thu May 04, 2006 11:23 pm

I dont remember the default place in standard nuke. It would be in YA, just look for MD5

Posted: Sat May 06, 2006 6:56 pm

YA?

registered · Posted: Sat May 06, 2006 11:32 pm

Your_Account module

Posted: Sat May 06, 2006 11:32 pm

Ahhhhh I gotcha

New Member Joined: Nov 02, 2005 Posts: 24

technocrat wrote:

Here is a solution we have been using.

$password = md5(md5(md5(md5(md5($password)))));

Try breaking a two letter password that has been hashed 5x. Wink

Also I think sh1 has also been broken.

First of all, hello to all and thanks for all your help guys!

I don't want to open a new topic cuz you'll see two similar topic...and I know that it's not so good.

My question is simple:

I've the CNB_YourAccount 750 4.4.2...the latest, for what I know, and, as you well know, the YourAccount module is all different from the original one...so...where should I search to change the code that you wrote?

I searched in the index.php and I found it but...is it the only change to do? I mean...how the de-encryption works and... should I change something there too?

I really would thank you for all your help guys, you're a really great community. Smile

Best Regards.

Posted: Sat Jun 03, 2006 7:59 am

I only changed the code in one file and the site seems to work perfectly. I can't remember which file it was I modded but if you give me about a week until my PC is fixed I can help you out.

Best of luck.