Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Not Solved [How To?] What encryption does myBB use for passwords?
#1
Not Solved
What encryption/hashing is myBB using for passwords stored in the DB?

What other security features are being used by myBB?


Edit:

Nvm, I checked the code myself and found this...
function salt_password($password, $salt)
{
	return md5(md5($salt).$password);
}

MD5 is super-outdated and deemed unsafe. Updating this to a more secure encryption should be prioritized!

MD5 and SHA-1 are emphatically poor choices for storing passwords. The problem is not their collision-resistance; it's that they're designed to be extremely fast. A modern GPU can attempt upwards of billions of passwords per second when brute-forcing through a list of hashes. This can shred through every possible eight-character alphanumeric password in at most a few days; that's with just one GPU.
Reply


Messages In This Thread
What encryption does myBB use for passwords? - by W13 - 09-05-2018, 10:57 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)