MyBB Community Forums

Full Version: How secure is myBB password hashing/storage?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I was just wondering because I noticed the letters A-E being used in my password which seemed easy to decrypt.  I noticed the salt and login key too, but just how secure is MyBB?  Let's say one of our boards gets compromised.  Would a hacker be able to brute force everyone's passwords?
Yes, only if they have a good list of passwords. But since there are tutorials out there on how to change the hashing algorithm to bCrypt, I'd do that if I were you.
Yes. MyBB uses salted MD5s which can be brute forced at around 3 billion attempts per second on a modern GPU.

So yeah, consider making the bCrypt modifications for your users sake.

That said, so as long as you keep your server and forum up-to-date and properly limit access to data such as your backups its unlikely someone is going to get their hands on the hashes in the first place.