• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Enacting encryption on PHPBB Private Messages

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security

View previous topic :: View next topic  
Author Message
cannonfodder
Just Arrived
Just Arrived


Joined: 08 Nov 2002
Posts: 0


Offline

PostPosted: Fri Nov 08, 2002 3:29 am    Post subject: Enacting encryption on PHPBB Private Messages Reply with quote

Hi,

I run a phpbb board and have noticed that Private Messages are not encrypted in the mySQL database. I have barely learned enought php to start hacking the code and am wondering if anyone has any suggestions on how I can achieve encryption of the PM's so users are assured of privacy from those who can download the database. Any ideas?
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Fri Nov 15, 2002 5:11 pm    Post subject: Reply with quote

Have a look at how the password is hashed using md5.

You could implement the same thing for pm's when storing them in the database.

PHP has md5 support built in, and some other hashing functions I believe.

Have a play around..

It will add an extra overhead and only the owner of the web-site can download the database anyway (so even if it was encrypted they could decrypt it or put the mod in to read PM's).
Back to top
View user's profile Send private message Visit poster's website
hads
Trusted SF Member
Trusted SF Member


Joined: 23 May 2002
Posts: 3
Location: New Zealand

Offline

PostPosted: Sat Nov 16, 2002 2:22 am    Post subject: Reply with quote

Isn't MD5 a one-way encryption algorithim?

I don't know of any PHP function that uses two-way encryption. I could be wrong but I would say that you would have to compose your own crypt/decrypt functions if you wanted to be able to disply the messages to the receipient.

Hope this helps.
Back to top
View user's profile Send private message
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Sat Nov 16, 2002 9:24 pm    Post subject: Reply with quote

MD5 is a oneway crypto (AFAIK)
The hash is stored and the when the p/word is entered the hashes are compared. All thats needed is to store the hash in th SQL db.

There is an infinitisimal chance of two different p/word hashes matching but its less than winning every lottery jackpot in the world simultaenously (avoiding maths Wink))) )
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register