MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Anyone convert MyBB and DB hashes to SHA-256?
Full Version: Anyone convert MyBB and DB hashes to SHA-256?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

WebDevandPhoto

2013-03-25, 01:15 AM
Upon reading this article:
http://security.stackexchange.com/questi...ll-use-md5

It got me thinking, I'd like to take the progressive step forward and do a core edit to use SHA-256 instead of MD5 and convert the existing db to SHA-256 but not sure if conversion is possible.. so maybe just requesting anyone who tries to log back in with a MD5 hash to reset their password.

Has anyone done this and if so will you share the steps you took so myself and others can replicate them?

Smile thanks!

frostschutz

2013-03-25, 02:08 AM
Pointless effort.

faviouz

2013-03-25, 03:14 AM
Hypothetically, if you were to go through the trouble of changing all this (probably not worth it), you should at least take some time to do it right and use bcrypt. There's a new password hashing API in PHP 5.5 which implements bcrypt by default. Luckily you can use this same API right now by leveraging ircmaxell/password_compat for forward compatibility (which Laravel and many other frameworks are implementing), meaning you can safely use the API right now and simply drop ircmaxell's library when PHP 5.5 becomes available to you.

WebDevandPhoto

2013-03-25, 03:47 PM
Interesting, thank you Fábio.

edit:
Hey I've been reading those links, the bcrypt article is fantastic! Thank you!
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Anyone convert MyBB and DB hashes to SHA-256?