Not Solved [Security] Hashing algorithms
#2
Quote: Should I switch to bcrypt using plugins or not?

If your host supports a current version of PHP (>= PHP 5.6), it would be worthwhile - it certainly won't do any harm. I recommend DVZ Hash: https://github.com/dvz/mybb-dvzHash

Quote: Is this a major security issue?

If your hosting is somehow breached or a bad attacker gains access to your database in some way, it would be possible for them to crack your users' passwords. However, if they breach your hosting, they will likely also gain filesystem access and will circumvent any code that makes their life difficult (e.g. they will place code to log passwords in plaintext on login).

A stronger hashing algorithm slows down the process of cracking user passwords should your database become compromised, but is not a silver bullet that will solve all your problems.

Basically: know your threat model.

Quote: Also when does MyBB 2 come out?

We do not give out solid dates for releases, and tend to stick with "when it's ready". At the minute there is some discussion about the future of the project - you can catch up here: https://community.mybb.com/thread-213361.html
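An added example, not part of the post above and not code from MyBB or the DVZ Hash plugin: one common way to move stored passwords to bcrypt is to upgrade each hash at the user's next successful login. It assumes the legacy hash has the salted MD5 form `md5(md5(salt) . md5(password))`; the function names, the `algo` field and the cost value are hypothetical.

```php
<?php
// Added example; written without type declarations so it runs on PHP 5.6+.
const BCRYPT_OPTIONS = ['cost' => 12]; // assumed cost, tune to your hardware

// Assumed legacy scheme: md5(md5(salt) . md5(password)).
function legacy_hash($password, $salt)
{
    return md5(md5($salt) . md5($password));
}

// Returns the (possibly upgraded) user row on success, null on failure.
// $user is an array with the hypothetical keys: algo, hash, salt.
function verify_and_upgrade(array $user, $password)
{
    if ($user['algo'] === 'bcrypt') {
        if (!password_verify($password, $user['hash'])) {
            return null;
        }
        // Re-hash if the configured cost was raised after this hash was stored.
        if (password_needs_rehash($user['hash'], PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
            $user['hash'] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
        }
        return $user;
    }

    // Legacy row: compare in constant time, then replace the weak hash.
    if (!hash_equals($user['hash'], legacy_hash($password, $user['salt']))) {
        return null;
    }
    $user['algo'] = 'bcrypt';
    $user['hash'] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    $user['salt'] = ''; // bcrypt stores its own salt inside the hash string
    return $user;       // the caller persists the updated row
}

// Constructed sample row, for illustration only.
$row = [
    'algo' => 'legacy',
    'salt' => 'Xk3pQ9aZ',
    'hash' => legacy_hash('correct horse', 'Xk3pQ9aZ'),
];
$upgraded = verify_and_upgrade($row, 'correct horse');
var_dump($upgraded['algo']);                                 // algorithm after first login
var_dump(verify_and_upgrade($upgraded, 'correct horse') !== null);
var_dump(verify_and_upgrade($upgraded, 'wrong guess'));
```

Accounts that never log in again keep their legacy hash under this approach, so a leaked database would still expose those rows to fast cracking.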


Messages In This Thread
Hashing algorithms - by 1234filip - 2017-11-04, 11:31 PM
RE: Hashing algorithms - by Euan T - 2017-11-04, 11:56 PM
RE: Hashing algorithms - by 1234filip - 2017-11-05, 12:21 AM
RE: Hashing algorithms - by Euan T - 2017-11-05, 09:08 AM
RE: Hashing algorithms - by 1234filip - 2017-11-05, 11:39 AM
RE: Hashing algorithms - by Euan T - 2017-11-05, 03:45 PM
RE: Hashing algorithms - by frostschutz - 2017-11-05, 04:13 PM
RE: Hashing algorithms - by 1234filip - 2017-11-05, 05:28 PM
