MyBB Community Forums
How secure is myBB password hashing/storage? - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: 1.8 Support (https://community.mybb.com/forum-175.html)
+--- Forum: General Support (https://community.mybb.com/forum-176.html)
+--- Thread: How secure is myBB password hashing/storage? (/thread-192437.html)



How secure is myBB password hashing/storage? - fysfdh3 - 2016-05-01

I was just wondering because I noticed the letters A-E being used in my password which seemed easy to decrypt.  I noticed the salt and login key too, but just how secure is MyBB?  Let's say one of our boards gets compromised.  Would a hacker be able to brute force everyone's passwords?


RE: How secure is myBB password hashing/storage? - Sazze - 2016-05-01

Yes, only if they have a good list of passwords. But since there are tutorials out there on how to change the hashing algorithm to bCrypt, I'd do that if I were you.


RE: How secure is myBB password hashing/storage? - Cameron:D - 2016-05-02

Yes. MyBB uses salted MD5s which can be brute forced at around 3 billion attempts per second on a modern GPU.

So yeah, consider making the bCrypt modifications for your users sake.

That said, so as long as you keep your server and forum up-to-date and properly limit access to data such as your backups its unlikely someone is going to get their hands on the hashes in the first place.