Not Solved How secure is myBB password hashing/storage?
#3
Not Solved
Yes. MyBB uses salted MD5s which can be brute forced at around 3 billion attempts per second on a modern GPU.

So yeah, consider making the bCrypt modifications for your users sake.

That said, so as long as you keep your server and forum up-to-date and properly limit access to data such as your backups its unlikely someone is going to get their hands on the hashes in the first place.
Reply


Messages In This Thread
RE: How secure is myBB password hashing/storage? - by Cameron:D - 2016-05-02, 12:29 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)