Not Solved [How To?] What encryption does myBB use for passwords?
Not Solved
What encryption/hashing is myBB using for passwords stored in the DB?

What other security features are being used by myBB?


Nvm, I checked the code myself and found this...
function salt_password($password, $salt)
	return md5(md5($salt).$password);

MD5 is super-outdated and deemed unsafe. Updating this to a more secure encryption should be prioritized!

MD5 and SHA-1 are emphatically poor choices for storing passwords. The problem is not their collision-resistance; it's that they're designed to be extremely fast. A modern GPU can attempt upwards of billions of passwords per second when brute-forcing through a list of hashes. This can shred through every possible eight-character alphanumeric password in at most a few days; that's with just one GPU.

Messages In This Thread
What encryption does myBB use for passwords? - by W13 - 2018-09-05, 10:57 AM

Forum Jump:

Users browsing this thread: 1 Guest(s)