Jump to content

RealmD, Change hashing from SHA-1 to SHA-256


Guest lillecarl

Recommended Posts

Well, basically i want to change the password hashing from SHA-1 to SHA-256 (To integrate MaNGOS realmd with Drupal)

In a post i found out that their "Version 7" uses SHA-256, as i can see it atleast (http://engineeredweb.com/blog/10/5/new-way-generate-hashes-drupal-7)

Will there be shitloads of work to convert to SHA-256 if i do not have any users in mangos?

- LilleCarl

Link to comment
Share on other sites

I'm pretty sure the client uses SHA-1 as the hash for SRP 6, so unless you modified that too, it's a no-go.

http://srp.stanford.edu/demo/demo.html

H() is SHA-1. It it used to get x both on the server in part 2, and in the client on part 3.

Well, "loong time ago" some emulators used plain passwords? So its not possible just to store them in some way? Or do i need to modify drupal instead?

Thank you for the answer by the way!

- LilleCarl

Link to comment
Share on other sites

Joomla with Jfusion as an alternative ?

Drupal and bridges or connectors or whatever they are called are a problematic story anyway.

Sorry but, what is jfusion? xD

But does jommla use sha1 hashing? (thank you)

EDIT: I have joomla with jfusion now, how do i make a SHA1 connector

- LilleCarl

Link to comment
Share on other sites

I'm pretty sure the client uses SHA-1 as the hash for SRP 6, so unless you modified that too, it's a no-go.

http://srp.stanford.edu/demo/demo.html

H() is SHA-1. It it used to get x both on the server in part 2, and in the client on part 3.

Well, "loong time ago" some emulators used plain passwords? So its not possible just to store them in some way? Or do i need to modify drupal instead?

Thank you for the answer by the way!

- LilleCarl

When it was done that way, the server would hash it when the person logged in, instead of once when the account is made. You would have to have SHA-1 or plaintext in addition to SHA-256.

Link to comment
Share on other sites

I'm pretty sure the client uses SHA-1 as the hash for SRP 6, so unless you modified that too, it's a no-go.

http://srp.stanford.edu/demo/demo.html

H() is SHA-1. It it used to get x both on the server in part 2, and in the client on part 3.

Well, "loong time ago" some emulators used plain passwords? So its not possible just to store them in some way? Or do i need to modify drupal instead?

Thank you for the answer by the way!

- LilleCarl

When it was done that way, the server would hash it when the person logged in, instead of once when the account is made. You would have to have SHA-1 or plaintext in addition to SHA-256.

Oh i see, well i got joomla and jfusion, but there is something wrong with jfusion so im sitting here slitting my hair atm xD Well i think this topic is meanless now :P

Link to comment
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy Terms of Use