0

I am new to Humhub and coding. Anyone have any idea how humhub encrypts the password? I have been failing to create an encryption function in PHP for my subdomains to use the same database that I created when I installed Humhub. I seriously do not get how this works.. https://github.com/humhub/humhub/blob/master/protected/humhub/modules/user/models/Password.php#L43

Sylvester
  • 1
  • 1

2 Answers2

1

This answer comes late. But for everyone looking for a solution, this is how Humhub encrypts the password:

  1. Take the password string, let's say is: dummy.
  2. Generate a uuid string and concatenates to password: dummy889e9f96-91f6-45d2-bc3b-ab8d80ea6311
  3. Encrypt this with whirlpool algorithm: whirlpool(dummy889e9f96-91f6-45d2-bc3b-ab8d80ea6311) = hash1
  4. Encrypt the string in the preceding step with sha512 algorithm: sha512(hash1) = encrypt_password.
  5. This encrypt_password will be on the password field in the user_password database. Also you need the uuid from 2 to the field salt in the user_password table.

Al of this is using sha512-whirlpool method

mnille
  • 1,328
  • 4
  • 16
  • 20
Kevin Rivera
  • 11
  • 2
0

I had a similar problem. I wanted to fill the user database of HumHub with users and passwords by VBScript, but didn't found a solution for a whirlpool encryption, but as I found in the source code, HumHub also supports SHA512.

The passwords are stored in the table user_password. Put "sha512" in the column algorythm. Put a GUID in the salt column.

Function CreateGUID
    Dim TypeLib
    Set TypeLib = CreateObject("Scriptlet.TypeLib")
    CreateGUID = LCase(Mid(TypeLib.Guid, 2, 36))
End Function

Then add the salt to the password [Hash(Passwort & Salt)] and generate a Hash with the following function:

Function Hash(param)
    crypt.HashAlgorithm = "sha512"
    crypt.EncodingMode = "hex"
    hash = LCase(crypt.HashStringENC(param))
End Function

Put this hash in the password column.

In the following tables also a row has to be inserted that a user can successfully log on to HumHub:

user
user_password
group_user
space_membership
profile
contentcontainer
R2D2
  • 3
  • 1