Not Solved [Security] Is MyBB using "password_hash" on password system?
#1
Not Solved Information 
Hi, I'm just curious about MyBB's security.

So that's why I'm asking is MyBB using "password_hash" on their password system.

Just need to know because I need to make my forums a safe place for visitors.

Thanks for any support!  Sleepy
Reply
#2
Not Solved
Hi,

I am not sure if this 7 year old thread would help, you might find it useful.

https://community.mybb.com/thread-75972.html
Best Regards,
Robert

[Image: ppadbanner.gif]
Reply
#3
Not Solved
This user has been denied support. This user has been denied support.
No, it's using a simple salted md5 hash. MyBB still supports PHP versions that do not have "password_hash" yet. (Could use "crypt", but...). As for MyBB's security, the hash only becomes really relevant when a) it's too late already [your forum hacked, your database stolen] and b) users didn't care about their security in the first place by using same passwords everywhere. No excuse to not change it for the sake of changing it, but it does not make your forum any more or less vulnerable.

If you get hacked, no matter how sophisticated your password hash is - users still have to change all their passwords.
Reply
#4
Not Solved
No. Salted MD5 hash.
Reply
#5
Not Solved
Also worth noting is that we recently made some changes to add hooks to allow plugins to more easily modify the core hashing methods. This has given rise to plugins such as Devilshakerz's DVZ Hash: https://github.com/dvz/mybb-dvzHash
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)