Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Anyone convert MyBB and DB hashes to SHA-256?
#1
Lightbulb 
Upon reading this article:
http://security.stackexchange.com/questi...ll-use-md5

It got me thinking, I'd like to take the progressive step forward and do a core edit to use SHA-256 instead of MD5 and convert the existing db to SHA-256 but not sure if conversion is possible.. so maybe just requesting anyone who tries to log back in with a MD5 hash to reset their password.

Has anyone done this and if so will you share the steps you took so myself and others can replicate them?

Smile thanks!
#2
This user has been denied support. This user has been denied support.
Pointless effort.
#3
Hypothetically, if you were to go through the trouble of changing all this (probably not worth it), you should at least take some time to do it right and use bcrypt. There's a new password hashing API in PHP 5.5 which implements bcrypt by default. Luckily you can use this same API right now by leveraging ircmaxell/password_compat for forward compatibility (which Laravel and many other frameworks are implementing), meaning you can safely use the API right now and simply drop ircmaxell's library when PHP 5.5 becomes available to you.
#4
Interesting, thank you Fábio.

edit:
Hey I've been reading those links, the bcrypt article is fantastic! Thank you!


Forum Jump:


Users browsing this thread: 1 Guest(s)