YaBB SE Community

YaBB SE Info => News From the YaBB SE Team => Topic started by: Agelmar on December 09, 2001, 05:14:37 PM

Title: Encrypted passwords
Post by: Agelmar on December 09, 2001, 05:14:37 PM
I just thought of this - if a Y1G board uses the encrypted passwords mod... is it possible to port it to YaBBSE?
Title: Re:Encrypted passwords
Post by: Joseph Fung on December 09, 2001, 05:16:02 PM
hmm...that's a toughie...the porter assumes the passwords are unencrypted...

how's the encryption done? if it's using crypt with the 2 first chars of the passwd as the seed - then it can be done..
Title: Re:Encrypted passwords
Post by: Agelmar on December 09, 2001, 05:16:56 PM
With the mod, it actually asks for a seed...
Title: Re:Encrypted passwords
Post by: Agelmar on December 09, 2001, 05:18:14 PM
I'm looking to see if I can find the documentation for the mod, gimme a sec...
Title: Re:Encrypted passwords
Post by: Joseph Fung on December 09, 2001, 05:21:24 PM
if it's using the same seed for each password, I don't think we can do it then...
Title: Re:Encrypted passwords
Post by: Agelmar on December 09, 2001, 05:22:49 PM
Yes, it uses the same seed for all passwords... If you had the seed, could you just import the password raw and have the forum check the inputted password encrypted to the seed against the stored value (that's how the mod works if I recall...)
Title: Re:Encrypted passwords
Post by: Joseph Fung on December 09, 2001, 05:26:41 PM
You'd have to apply a mod to the SE code - right now, the passwords are stored using the first 2 chars of the password as the seed (which is standard practice).  You'd have to change how the passwords are checked and then how the converter converts the info...
Title: Re:Encrypted passwords
Post by: Mostmaster on December 09, 2001, 05:27:33 PM
yup, the password-encryption-mod uses the seed 'ya' defined in the subs.pl (if I can remember).
So its possible. We have 2 mods now for the converter.
1. convert polls
2. convert encrypted passwords..

hehe.. ;D
Title: Re:Encrypted passwords
Post by: Agelmar on December 09, 2001, 05:29:44 PM
Except that that mod would not be for the converter, but for the entire forum... the encryption is non-reversable.
Title: Re:Encrypted passwords
Post by: Mostmaster on December 09, 2001, 05:33:09 PM
you're right.
nasty problem...
we'll find something for it.. ;D
Title: Re:Encrypted passwords
Post by: Jeff Lewis on December 09, 2001, 05:36:11 PM
Hehe I do have a tool which decrypts them, just takes a long time ;)
Title: Re:Encrypted passwords
Post by: Agelmar on December 09, 2001, 05:37:13 PM
Really? Would you mind passing that my way? I could really use it, as I have a pet project I'm working on...
Title: Re:Encrypted passwords
Post by: Mostmaster on December 09, 2001, 05:41:54 PM
With brute force.... ;D
Title: Re:Encrypted passwords
Post by: Edwin on December 09, 2001, 05:43:37 PM
Hehe I do have a tool which decrypts them, just takes a long time ;)

Yup, in the year 2424 it's decrypted  ;D
Title: Re:Encrypted passwords
Post by: Jeff Lewis on December 09, 2001, 05:45:56 PM
It's faster than that and I've used it at work...
Title: Re:Encrypted passwords
Post by: Agelmar on December 09, 2001, 05:46:42 PM
Would you mind emailing it to me / posting a link? I could really use it :-(

Also, is it linux-only or will it run on windows?
Title: Re:Encrypted passwords
Post by: Joseph Fung on December 09, 2001, 05:51:14 PM
There's a lot of software out there for cracking MD5 stuff.  Look up John the Ripper - that's a pretty popular one.
Title: Re:Encrypted passwords
Post by: Agelmar on December 09, 2001, 05:55:27 PM
it was encrypted using whatever encryption YaBB1G used - I think it called crypt() or whatever - is that MD5?
Title: Re:Encrypted passwords
Post by: Joseph Fung on December 09, 2001, 05:57:39 PM
yes, crypt (specifically crypt with a 2 char seed) used MD5 encryption
Title: Re:Encrypted passwords
Post by: Chris C. on December 09, 2001, 09:41:21 PM
Minor nitpick: the crypt() call is generating DES encrypted passwords (just looked at output on the server that Agelmar's forum is running on...)
Title: Re:Encrypted passwords
Post by: Shaun on December 09, 2001, 11:11:45 PM
Hey Jeff, my board uses the encrypted passwords mod.  Lemme know if you can get me this "decrypter" for my conversion...
Title: Re:Encrypted passwords
Post by: Jeff Lewis on December 10, 2001, 08:23:21 AM
It's just a cheap one as it checks for easy passwords not a full brute force one.  It's here: John the Ripper: http://www.openwall.com/john/
Title: Re:Encrypted passwords
Post by: Shaun on December 10, 2001, 08:05:49 PM
Holy moly! I downloaded the win32 version but I can't figure out how to get it to work!  I try and run the applications and they pop up for half a second and close.

 ???  Jeff!!
Title: Re:Encrypted passwords
Post by: Jeff Lewis on December 10, 2001, 08:08:02 PM
Hehe run it from a command line...
Title: Re:Encrypted passwords
Post by: Shaun on December 10, 2001, 08:26:52 PM
Argh!  It still won't run...same thing.  Damn, I hate to ask this but can you give me a step-by-step maybe?
Title: Re:Encrypted passwords
Post by: king_killa on June 19, 2003, 05:48:22 PM
yea, I got the thing open, but I can't figure out how to take my encrypted password, and get it to crack it.
I read the docs... but I still can't figure it out
Title: Re:Encrypted passwords
Post by: [Unknown] on June 19, 2003, 06:14:42 PM
Why in the world is this in the news board?

-[Unknown]
Title: Re:Encrypted passwords
Post by: A.M.A. on June 19, 2003, 06:17:12 PM
I guess back on the old days everyone can post everywhere  ;D
Title: Re:Encrypted passwords
Post by: David on June 19, 2003, 06:24:01 PM
No need to revive this really really old thread.  Take a look on the php scripting board, passwords have been discussed a few times.