DVZ Hash

by Devilshakerz 17 Stars 1,316 Downloads

Upgrades the password hash algorithm and converts old passwords on the fly.

Project Details

[Image: GitHub-Mark.png] GitHub repository: dvz/mybb-dvzHash

See README.md for technical details.
See SECURITY.md for information on secure usage and reporting security issues.
See Improving Security of Stored Passwords in MyBB 1.8.x for introduction.

While this plugin is considered stable, it is highly recommended that only webmasters familiar with principles of password hashing, encryption (if used) and MyBB's architecture & database structure maintain the plugin on live boards.

This plugin requires PHP version 7.0 or higher (>= 7.2 for Argon2i, >= 7.3 for Argon2id, >= 7.4 for benchmark tool).
This plugin requires MyBB version 1.8.11 or higher.

Features
  • Extensible hashing algorithms (includes argon2id, mybb_argon2id, bcrypt, mybb_bcrypt, sha512_bcrypt out of the box),
  • On-the-fly algorithm conversion and upgrades,
  • Algorithm wrapping,
  • Hash encryption (with keys stored in config.php and environment variables),
  • Algorithm downgrades (e.g. for MyBB installer compatibility),
  • Execution time benchmark to aid parameter choices

Suggestions and general feedback: https://community.mybb.com/thread-209705.html

Previews

Author
Devilshakerz
Collaborators
None
Version
1.2.1
Submitted
2017-04-09, 12:30 AM
Last Updated
2022-09-17, 11:09 AM
Bug Tracking
Disabled
MyBB Versions
1.8.x