Information of password hashing in BB4

  • Hi,

    I've a request to support Burning Board 4 for my board service to use for a stand alone poker game using forum authentication. I want to ask before purchase the new version for testing purposes whether or not the password hashing to authenticate members is available for me to evaluate the work. I've done few of them already for other boards such as IPB/Xenforo/Modx/phpBB3/SMF2/Vanilla/Discuz International.

    Please let me know if this information is available . Here is video clips of what already done for IPB.

    Externer Inhalt www.youtube.com
    Inhalte von externen Seiten werden ohne Ihre Zustimmung nicht automatisch geladen und angezeigt.
    Durch die Aktivierung der externen Inhalte erklären Sie sich damit einverstanden, dass personenbezogene Daten an Drittplattformen übermittelt werden. Mehr Informationen dazu haben wir in unserer Datenschutzerklärung zur Verfügung gestellt.

    Externer Inhalt www.youtube.com
    Inhalte von externen Seiten werden ohne Ihre Zustimmung nicht automatisch geladen und angezeigt.
    Durch die Aktivierung der externen Inhalte erklären Sie sich damit einverstanden, dass personenbezogene Daten an Drittplattformen übermittelt werden. Mehr Informationen dazu haben wir in unserer Datenschutzerklärung zur Verfügung gestellt.

    Thanks!

    LR

    • Offizieller Beitrag

    Passwords are hashed using a double-hashed Blowfish algorithm:

    https://github.com/WoltLab/WCF/bl…dUtil.class.php

    Alexander Ebert
    Senior Developer WoltLab® GmbH

  • Thanks Alexander.

    I've been so so busy with work so no much time for game development. Today, I finally did have some free time to play around with the php code you referenced on github repository. The algorithm you guys used is pretty smart in a way double salt the password to get it matched. Nicely done. I've assumed that this is used for BB4. I thought it will take me more time reading php code I'm not expert with the language but it turns out it's quite simple. In fact, I've successfully matched it with a small test using password as 'lollol' and binary compared it with this salt as '$2a$08$bFtkRgdr3UvYj73NtKK1TOrn6HrkV6uZMvjAtos0gu1oFEmenEHfK'. Pretty strong security considering that the php blowfish encryption is already powerful enough and to run it in double pass makes it impossible to crack. Now, I'll need to code this in java. Still need to test it with the real software once I've got the green light to purchase it.

    2 Mal editiert, zuletzt von LuckyRiver (2. April 2014 um 05:08)

  • Thanks for the tip but I no longer need the framework. How to do authentication with BB4 is now pretty clear to me what I need to do to add code to the boardservice to get a BB4 forum member gets authenticated.
    Thus, that PasswordUtil.php is all I need. However this is only a small part since I need the real package deal now using the forum code to work on internal database tables to add authentication and member avatar display to the game. I do need to find more free time to continue on it. I'll get some demo clip once I've get everything working fully integrated. Will ask Cubeia though if they have also a german localized resource file.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!