Not Solved How secure is myBB password hashing/storage?
#1
I was just wondering because I noticed the letters A-E being used in my password which seemed easy to decrypt.  I noticed the salt and login key too, but just how secure is MyBB?  Let's say one of our boards gets compromised.  Would a hacker be able to brute force everyone's passwords?
#2
Yes, only if they have a good list of passwords. But since there are tutorials out there on how to change the hashing algorithm to bcrypt, I'd do that if I were you.
#3
Yes. MyBB uses salted MD5s which can be brute forced at around 3 billion attempts per second on a modern GPU.

So yeah, consider making the bcrypt modifications for your users' sake.

That said, as long as you keep your server and forum up-to-date and properly limit access to data such as your backups, it's unlikely someone is going to get their hands on the hashes in the first place.
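The bcrypt change suggested in the replies above is normally done as an upgrade on login, because stored MD5 hashes cannot be converted without the plaintext password. The following is an added example, not part of the thread and not MyBB's own code: the function names, the record layout and the cost of 12 are assumptions, and the legacy layout md5(md5(salt) . md5(password)) is the salted MD5 scheme assumed here for MyBB 1.x.

```php
<?php
// Added example (hypothetical helper names, not MyBB code).

// Legacy scheme assumed here: md5(md5(salt) . md5(password)).
function legacy_hash(string $password, string $salt): string
{
    return md5(md5($salt) . md5($password));
}

// Check a login against a stored record and upgrade the hash on success.
// $user is ['hash' => string, 'salt' => string] (assumed layout).
// Returns [bool $ok, array $user]; the caller persists $user if it changed.
function verify_and_upgrade(string $password, array $user): array
{
    $stored = $user['hash'];

    if (strncmp($stored, '$2y$', 4) === 0) {
        // Already bcrypt: the salt and cost are embedded in the hash string.
        $ok = password_verify($password, $stored);
    } else {
        // Legacy salted MD5; hash_equals gives a constant-time comparison.
        $ok = hash_equals($stored, legacy_hash($password, $user['salt']));
    }

    // Rehash only after a successful login, when the plaintext is available.
    // password_needs_rehash() is true for the MD5 string and for bcrypt
    // hashes created with a different cost.
    if ($ok && password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 12])) {
        // Note: bcrypt only uses the first 72 bytes of the password.
        $user['hash'] = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
        $user['salt'] = ''; // separate salt column is no longer needed
    }

    return [$ok, $user];
}

// Constructed sample record, not real data.
$salt = 'a1B2c3D4';
$user = ['hash' => legacy_hash('correct horse', $salt), 'salt' => $salt];

[$ok, $user] = verify_and_upgrade('correct horse', $user);
var_dump($ok);                                      // legacy login result
var_dump(strncmp($user['hash'], '$2y$', 4) === 0);  // record now bcrypt?

[$ok2] = verify_and_upgrade('wrong guess', $user);
var_dump($ok2);                                     // wrong password result
```

Accounts that never log in again keep their MD5 hash, so a migration like this is usually paired with a forced password reset for dormant users.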

