PHP-Nuke 7.1 with SHA1 password hashes now available
Date: Sunday, February 29 @ 19:28:32 CET
Topic: Security


Mil-Sim.net has released a patch for PHP-Nuke version 7.1 allowing the use of secure SHA1 or MD5 password hashes. Using 160-bit SHA1 hashes makes your user/admin passwords much harder to crack (compared to standard MD5), even if the attacker manages to access your database, e.g. through a SQL injection exploit. The hash type is set to SHA1 by default and can be easily changed in 'config.php'. No additional PHP extensions or external programs are required.

Applying the patch
  1. Download the PHP-Nuke 7.1.MilSim1 patch from the Mil-Sim.net downloads section
  2. Uncompress the official PHP-Nuke 7.1 archive to a new directory 'PHP-Nuke-7.1'
  3. Uncompress the patch file to the 'PHP-Nuke-7.1' directory
  4. Change the current working directory to 'PHP-Nuke-7.1' and type:

    patch -p1

The installation procedure is essentially the same as with standard PHP-Nuke 7.1. Make sure to choose your unique site key and preferred digest method in the 'config.php' file.

Please note this version has not yet been extensively tested and you should not use it in a production environment without further testing. A new version including Chatserv's fixes will be released at a later time.

Changes
  • Added 'includes/class.sha.php' class
  • Added Digest class to 'mainfile.php'
  • Added $digesttype configuration variable in 'config.php'
  • Changed 'minpass' value in 'nuke.sql' to 8

For the full list of changes refer to the PHP-Nuke-7.1.M1-patch file.

About Mil-Sim.net

Military Research and Simulations Initiative (Mil-Sim.net) is an organisation specialising in information systems security, and military and strategic studies. Our activities include software development, consulting, and research on weapons systems and orders of battle.

Please visit the Mil-Sim.net home page for more information.

This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=1670