MyBB Community Forums

Full Version: Is MyBB using "password_hash" on password system?
Hi, I'm just curious about MyBB's security.

So that's why I'm asking whether MyBB is using "password_hash" in its password system.

Just need to know because I need to make my forums a safe place for visitors.

Thanks for any support!
Hi,

I am not sure if this 7-year-old thread would help, but you might find it useful.

https://community.mybb.com/thread-75972.html
No, it's using a simple salted md5 hash. MyBB still supports PHP versions that do not have "password_hash" yet. (Could use "crypt", but...). As for MyBB's security, the hash only becomes really relevant when a) it's too late already [your forum hacked, your database stolen] and b) users didn't care about their security in the first place by using the same passwords everywhere. No excuse to not change it for the sake of changing it, but it does not make your forum any more or less vulnerable.

If you get hacked, no matter how sophisticated your password hash is - users still have to change all their passwords.
No. Salted MD5 hash.
Also worth noting is that we recently made some changes to add hooks to allow plugins to more easily modify the core hashing methods. This has given rise to plugins such as Devilshakerz's DVZ Hash: https://github.com/dvz/mybb-dvzHash
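
The move from salted MD5 to "password_hash" discussed in this thread, as an added example that is not part of any post and is not MyBB or DVZ Hash code: a login check that accepts a legacy salted-MD5 record and replaces it with a password_hash() value on the first successful login. The function names, the record layout and the legacy formula md5(md5(salt) . md5(password)) are assumptions for illustration; the code needs PHP 7.0 or later.

```php
<?php
// Added example. legacy_hash() and verify_and_upgrade() are hypothetical
// names, and the salted-MD5 formula below is an assumed legacy scheme.
function legacy_hash(string $password, string $salt): string
{
    return md5(md5($salt) . md5($password));
}

// $user is a record with 'hash' and 'salt' keys. Returns whether the login
// succeeded and the (possibly upgraded) record the caller should persist.
function verify_and_upgrade(array $user, string $password): array
{
    // password_get_info() reports no algorithm for anything that is not
    // a password_hash() value, which is how legacy rows are detected.
    if (!empty(password_get_info($user['hash'])['algo'])) {
        if (!password_verify($password, $user['hash'])) {
            return ['ok' => false, 'user' => $user];
        }
        // Re-hash when the default algorithm or cost has moved on.
        if (password_needs_rehash($user['hash'], PASSWORD_DEFAULT)) {
            $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
        }
        return ['ok' => true, 'user' => $user];
    }

    // Legacy row: compare in constant time, then upgrade in place.
    $candidate = legacy_hash($password, $user['salt']);
    if (!hash_equals($user['hash'], $candidate)) {
        return ['ok' => false, 'user' => $user];
    }
    $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
    $user['salt'] = ''; // the new hash string carries its own salt
    return ['ok' => true, 'user' => $user];
}

// Constructed sample record, not real data.
$salt = 'aB3dE6gH';
$user = ['hash' => legacy_hash('correct horse', $salt), 'salt' => $salt];

$bad = verify_and_upgrade($user, 'wrong guess');
echo 'wrong password accepted: ', var_export($bad['ok'], true), PHP_EOL;

$good = verify_and_upgrade($user, 'correct horse');
echo 'first login accepted: ', var_export($good['ok'], true), PHP_EOL;
echo 'stored algorithm now: ', password_get_info($good['user']['hash'])['algoName'], PHP_EOL;

$again = verify_and_upgrade($good['user'], 'correct horse');
echo 'second login accepted: ', var_export($again['ok'], true), PHP_EOL;
```

Rows belonging to users who never log in again stay as salted MD5 under this approach, so a stolen database would still expose those hashes in the old format.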