Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 Password Salting - Updated 1-17-08

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!
Before posting, make sure you have read this topic!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
Check here to subscribe to this topic.
   

T O P I C    R E V I E W
muzishun Posted - 21 December 2007 : 10:52:28
I am officially calling this a 1.0 release now. In the past month or so, there have been a couple dozen downloads of the MOD, and nobody has posted back yet with issues.

I'd like to get some other individuals to help me test this MOD. I've tested it once, but I want to ensure that everything works properly before I call it an official 1.0 release.

Password Salting
Version: 1.0
Author: Bill Parrott (muzishun)
Forum Version: Snitz Forum 2000 v3.4.06
Tested Databases: MS Access 2000
Last Updated: 1/17/08
Download Link: Chimeric Dream, SnitzBitz

(From Wikipedia) "In cryptography, a salt comprises random bits that are used as one of the inputs to a key derivation function. The other input is usually a password or passphrase. The output of the key derivation function is stored as the encrypted version of the password. A salt can also be used as a key in a cipher or other cryptographic algorithm. The key derivation function typically uses a hash function. Sometimes the initialization vector, a previously-generated value, is used as a salt."

This MOD helps make a site more secure by adding a randomly generated string to the end of users' passwords before they are encrypted. This ensures that even if someone gains access to the forum's database, even a brute force attempt to crack the passwords will be ineffective, due to the fact that a user's password cannot possibly be guessed (unless someone discovers the salt, of course).

Comments can be posted in this reply, but for support and bug reports, please visit the MOD Implementation forum here.<
15   L A T E S T    R E P L I E S    (Newest First)
richfed Posted - 12 June 2008 : 18:23:27
See here, Carefree ... I had a similar experience.<
Carefree Posted - 12 June 2008 : 11:54:38
Pop_Delete.asp wasn't updated to check against the salted password - it will not allow me to delete topics, etc.; losing the basic controls pretty much renders the forum useless. All the fancy mods in the world won't keep a forum going if you cannot edit/delete topics. I have logged out, deleted temp files, etc.; & logged back in again. That much works - but the basic controls for the board do not.

quote:

No Permissions to Delete Topic

Go Back to Re-Authenticate

Close Window

<
modifichicci Posted - 24 March 2008 : 14:03:50
thanks i think i will try it in next weeks<
muzishun Posted - 24 March 2008 : 14:01:58
I've generally created the inc_pwsalt.asp in the same directory as my forum, but once you have created it, you may move it around your server as you please.<
modifichicci Posted - 24 March 2008 : 08:30:34
once inc_pwsalt.asp will be created in a dir with permission, it is possible to move it to forum dir? No more file scripting needed on it?
This is because some servers have limited upload permission ..<
phy1729 Posted - 23 March 2008 : 10:48:35
To those having the error 800a0414: This says to try 
CALL UpdateSaltedPassword(strDBNTFUserName, MemberID, strEncodedPassword)

Fix first posted in: 66705<
AnonJr Posted - 17 March 2008 : 12:27:49
Password salting doesn't prevent someone from guessing the password. It just makes it harder to use a rainbow table or other form of brute force against the hash.<
richfed Posted - 17 March 2008 : 06:10:41
THIS is why I would like, very much, to install this MOD: http://forum.snitz.com/forum/topic.asp?whichpage=0.6&TOPIC_ID=66574#376221<
richfed Posted - 15 March 2008 : 12:59:29
quote:
Originally posted by leesh695

Anyideas on this? I would really like to implent this mod

I cant seem to work it out and I dont want to change to much incase I destroy everyones password


I am getting that same error ... SQL Server<
muzishun Posted - 10 March 2008 : 17:03:14
Sorry for the lack of responses on this lately. I genuinely am hoping to get some work done on this in the very near future. I *was* having some spare time at work lately, but that is totally gone, and my partner and I are up to our eyeballs in client projects right now. I'll try to take a look in the next couple of days and see if I can address whatever's going on.<
AnonJr Posted - 10 March 2008 : 16:39:45
Snitz uses Classic ASP, not .NET... I was looking for the version of VBScript your server had installed. One way to find out:

*All I've got handy is a highly modified version of Snitz, so I can only give you an approximation of what you'll see and what you should add...

Look for a code block that looks something like*:
for each key in Request.ServerVariables
	Response.Write "<tr>" & _
	"<td class=""putc"" valign=""top""><b>" & key & "</b></td>" & _
	"<td class=""putc"" style=""font-family:courier"">"
	if Request.ServerVariables(key) = "" then
		Response.Write " "
	else
		Response.Write Request.Servervariables(key)
	end if 
	Response.Write "</td>" & _
	"</tr>"
next


After that and before this:
if blnDisplay = True then
	'## Code below added to show general ADO/Database Information
	Response.Write "<tr>" & _
	"<td class=""hcc hfc c"" colspan=""2""><b>Database Connection Properties</b></td>" & _
	"</tr>"
	for each item in my_Conn.Properties
		Response.Write "<tr>" & _
		"<td class=""putc"" valign=""top""><b>" & item.name & "</b></td>" & _
		"<td class=""putc"" style=""font-family:courier"">"
		if item.value = "" then
			Response.Write " "
		else
			Response.Write	item.value
		end if
		Response.Write "</td>" & _
		"</tr>"
	next
	'## Code above added to show general ADO/Database Information
end if



Add this:
'Write out the VBScript Version
Response.Write("<tr class=""putc"">" & vbNewLine & _
				"<td valign=""top"" class=""l""><b>Scripting Engine:</b></td>" & _
				"<td class=""putc l"" style=""font-family:courier"">" & _
				ScriptEngine & " v" & ScriptEngineMajorVersion & "." & ScriptEngineMinorVersion & " build " & ScriptEngineBuildVersion & _
				"</td>" & vbNewLine & "</tr>" & vbNewLine)



All told, mine looks like this:
for each key in Request.ServerVariables
	Response.Write "<tr>" & _
	"<td class=""putc"" valign=""top""><b>" & key & "</b></td>" & _
	"<td class=""putc"" style=""font-family:courier"">"
	if Request.ServerVariables(key) = "" then
		Response.Write " "
	else
		Response.Write Request.Servervariables(key)
	end if 
	Response.Write "</td>" & _
	"</tr>"
next

'Write out the VBScript Version
Response.Write("<tr class=""putc"">" & vbNewLine & _
				"<td valign=""top"" class=""l""><b>Scripting Engine:</b></td>" & _
				"<td class=""putc l"" style=""font-family:courier"">" & _
				ScriptEngine & " v" & ScriptEngineMajorVersion & "." & ScriptEngineMinorVersion & " build " & ScriptEngineBuildVersion & _
				"</td>" & vbNewLine & "</tr>" & vbNewLine)

if blnDisplay = True then
	'## Code below added to show general ADO/Database Information
	Response.Write "<tr>" & _
	"<td class=""hcc hfc c"" colspan=""2""><b>Database Connection Properties</b></td>" & _
	"</tr>"
	for each item in my_Conn.Properties
		Response.Write "<tr>" & _
		"<td class=""putc"" valign=""top""><b>" & item.name & "</b></td>" & _
		"<td class=""putc"" style=""font-family:courier"">"
		if item.value = "" then
			Response.Write " "
		else
			Response.Write	item.value
		end if
		Response.Write "</td>" & _
		"</tr>"
	next
	'## Code above added to show general ADO/Database Information
end if


You'll probably need to adjust as I've CSS'd my forum so its not quite set up for a vanilla install.

This adds an extra entry to the "Server Information" option on the Admin. page.

Having said all that, if you're using IIS 6, it shouldn't be an issue now that I think about it...<
leesh695 Posted - 10 March 2008 : 15:52:09
ASP.Net Runtime Version: 2.0
IIS Version: IIS 6.0

If your asking about somthing else can you tell me how to find out?<
AnonJr Posted - 10 March 2008 : 13:54:09
Just a random thought, but what version of VBScript is running on your server? I ask ony because its odd that no one else has had this issue before...<
leesh695 Posted - 09 March 2008 : 13:59:42
Anyideas on this? I would really like to implent this mod

I cant seem to work it out and I dont want to change to much incase I destroy everyones password <
leesh695 Posted - 07 March 2008 : 14:47:48
I got this when I uploaded the new files.

Microsoft VBScript compilation error '800a0414'

Cannot use parentheses when calling a Sub

/forum/forum/inc_header.asp, line 195

UpdateSaltedPassword(strDBNTFUserName, MemberID, strEncodedPassword)
--------------------------------------------------------------------^
<

Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.04 seconds. Powered By: Snitz Forums 2000 Version 3.4.07