MyBB Community Forums

Full Version: Improve password security (custom hashing?)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Is there a method to improve the current myBB password security?

So that in the unlikely event that a database was stolen, the passwords would be uncrackable/extremely difficult to crack?

I'm no good with hashing and I'm an SQL novice so..
As far as I know there is no option aside from the default salted MD5.

That said, I've had plans for a while to add support for bcrypt hashes although it will require numerous core edits. The idea is to have it passively convert MD5'd passwords by checking what type of password is stored when the user logs in and will update it if necessary.

I'll likely wait until 1.8 is a bit nearer before I start though.
Just make a random HARD encryption, like this one:

md5(sha1(base64_encode($string)))
base64_encode($string)

Smile