MyBB Community Forums 1.8 Support General Support v
[Security] Hashing algorithms

Linear Mode
Not Solved [Security] Hashing algorithms
frostschutz Offline

Contributor
Posts: 4,390
Threads: 63
Joined: Nov 2008
Reputation: 262
#7
Not Solved 2017-11-05, 04:13 PM
This user has been denied support. This user has been denied support.
(2017-11-04, 11:31 PM)1234filip Wrote: MyBB uses an outdated MD5 hashing algorithm. Should I switch to bcrypt using plugins or not?

It can be done easily (like, one line change in core easy) but then you're stuck with it forever.

Also you'd have to clean out your backup folder and perhaps old tables in database (if you did any weird stuff or merges in the past) as those still contain the old hashes.

I also have an external script that uses MyBB user authentication, but that checks for a MyBB session cookie first so if you're not already logged into MyBB itself, it won't ask you for a confirmation password either.
Google SEO | Gravatar | Hooks | HTMLPurifier | Overview | Patches | PluginLibrary @ GitHub/frostschutz
Find
Reply


Messages In This Thread
Hashing algorithms - by 1234filip - 2017-11-04, 11:31 PM
RE: Hashing algorithms - by Euan T - 2017-11-04, 11:56 PM
RE: Hashing algorithms - by 1234filip - 2017-11-05, 12:21 AM
RE: Hashing algorithms - by Euan T - 2017-11-05, 09:08 AM
RE: Hashing algorithms - by 1234filip - 2017-11-05, 11:39 AM
RE: Hashing algorithms - by Euan T - 2017-11-05, 03:45 PM
RE: Hashing algorithms - by frostschutz - 2017-11-05, 04:13 PM
RE: Hashing algorithms - by 1234filip - 2017-11-05, 05:28 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)