Not Solved [Security] Is MyBB using "password_hash" on password system?
#3
Not Solved
This user has been denied support. This user has been denied support.
No, it's using a simple salted md5 hash. MyBB still supports PHP versions that do not have "password_hash" yet. (Could use "crypt", but...). As for MyBB's security, the hash only becomes really relevant when a) it's too late already [your forum hacked, your database stolen] and b) users didn't care about their security in the first place by using same passwords everywhere. No excuse to not change it for the sake of changing it, but it does not make your forum any more or less vulnerable.

If you get hacked, no matter how sophisticated your password hash is - users still have to change all their passwords.
Reply


Messages In This Thread
RE: Is MyBB using "password_hash" on password system? - by frostschutz - 2017-11-04, 07:39 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)