[UberCMS] Password Hash Type

[cuperus]

hello,

I am going to release something soon but i need 1 awnser!
What kinda HASH type is ubercms using with they passwords

[MentaL]

[XenoGFX]

its a salted hash with sha1([salt].[password])

[Joopie]

How hard is't to look at the source :S

Code:

public function UberHash($input = '')
	{
		return sha1($input . $this->config['Site']['hash_secret']);
	}

[pabiboy]

Okay,But is it possible to make md5 for Manage folder?Because its sha1

[</Meap>]

its md5 encrypted with a sha1 hash

[Cecer]

Quick lesson for the few people in this thread who seem to not understand hashing

Hashing is NOT Encryption
Hashing can't be decrypted... it is one way.
Encryption can be decrypted.

Hashing is more secure for things like passwords.

MD5 is one hashing algorithm.
SHA1 is a different hashing algorithm.

MD5 is outdated and not as secure as SHA1.
SHA1 is getting a little dated now.

There are newer hashing algorithms such as SHA2 (which has multiple versions).

[pabiboy]

Then Why doesn't it won't login me in manage (ubercms housekeeping) Says Invalid Details?But When I use SHA1 Hash It will let me.

[cuperus]

Then Why doesn't it won't login me in manage (ubercms housekeeping) Says Invalid Details?But When I use SHA1 Hash It will let me.

Need help?

[jeroen262]

[B][U]Quick lesson for the few people in
Hashing can't be decrypted... it is one way.

That's not true.
You have to find out how the hash code works, but if you know that you can decrypt it.

[Near]

It's one way like cecer says. You can only run hashes through rainbow tables to have a chance to find the plain text string. Authentication using hashes works like this:

You compare the plain text input hash with the hashed string in the database by hashing the input. So, you're comparing the hashes. It's secure, but because of all the rainbow tables on the internet it's more secure to use a salt and a combination of sha1 and md5.

[XenoGFX]

Quick lesson for the few people in this thread who seem to not understand hashing

Hashing is NOT Encryption
Hashing can't be decrypted... it is one way.
Encryption can be decrypted.

Hashing is more secure for things like passwords.

MD5 is one hashing algorithm.
SHA1 is a different hashing algorithm.

MD5 is outdated and not as secure as SHA1.
SHA1 is getting a little dated now.

There are newer hashing algorithms such as SHA2 (which has multiple versions).

if you know this then you should know about rainbow tables ;)

[Punk]

Quick lesson for the few people in this thread who seem to not understand hashing

Hashing is NOT Encryption
Hashing can't be decrypted... it is one way.
Encryption can be decrypted.

Hashing is more secure for things like passwords.

MD5 is one hashing algorithm.
SHA1 is a different hashing algorithm.

MD5 is outdated and not as secure as SHA1.
SHA1 is getting a little dated now.

There are newer hashing algorithms such as SHA2 (which has multiple versions).

Hashing can't be decrypted... it is one way.
your incorrent on that ^

[1ntel]

Hashing can't be decrypted... it is one way.
your incorrent on that ^

Actually you can't decrypt a hash, you can only go on based by Rainbow Tables, and even then it is impossible because the whole idea of using a Secret Key makes Rainbow Tables impossible.

If hashs could be decrypted in a simple easy step, then it would make sense to save passwords unencrypted.

[XenoGFX]

Actually you can't decrypt a hash, you can only go on based by Rainbow Tables, and even then it is impossible because the whole idea of using a Secret Key makes Rainbow Tables impossible.

If hashs could be decrypted in a simple easy step, then it would make sense to save passwords unencrypted.

not if you have the salt...you must have the salt to "decrypt" salted hashes...

[trantium]

Can someone try to get the ubercms housekeeping working with a md5 hash?

Thanks