UseBB Community

The official board for UseBB help and discussion


Another Security update!?!


Author Post
Member
Registered: Jun 2006
Posts: 25
Location: Australia
Your forum system uses MD5 encryption on passwords, which at simple levels can be cracked. Maybe for the next update add the passwords to the database in SHA1 or even multiple encryptions? Somehow some hackers that want to waste their time can get these passwords. Then: http://gdataonline.com/seekhash.php So maybe just a thought?

It would be helpful, thanks.
Member
Registered: May 2006
Posts: 29
I think it's enough to add a salt to the hash. For example:
md5($password . md5($salt . $password));
Developer
Registered: Apr 2004
Posts: 2216
Location: Belgium
This will be on the TODO for 2.0, but not 1.0 (as you seem to advise). 1.0 is closed to changes like this. This one would even require all users to reset their passwords.

By the way, every MD5 string can be found by using brute force. A salt code could be a possibility, but when someone gets his hands on the MD5 hashes I guess it wouldn't be hard to find the salt code.
_______________
--Dietrich (developer)
UseBB roadmap, dev mailing list & weblog
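
The salt and migration points raised in the posts above, as an added example that is not part of the original thread and not UseBB's code: a PHP 7+ sketch that verifies a login against a legacy unsalted MD5 record and, on success, replaces it with a per-user salted, slow hash via PHP's built-in `password_hash()`. The function names, the `passwd` field and the in-memory `$users` array are hypothetical.

```php
<?php
// Added example. Function names, the 'passwd' field and $users are hypothetical.

// Legacy scheme discussed in the thread: unsalted MD5 of the password.
function legacy_md5_hash(string $password): string {
    return md5($password);
}

// Check a login attempt; on success, upgrade a legacy MD5 record in place.
// Returns true when the password is correct.
function verify_and_upgrade(array &$user, string $password): bool {
    $stored = $user['passwd'];
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Legacy record: constant-time comparison against unsalted MD5.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // The plaintext is only available at this moment, so rehash it now.
        // password_hash() generates a random per-user salt and stores it,
        // together with the algorithm and cost, inside the returned string.
        $user['passwd'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash transparently if the default algorithm or cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $user['passwd'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: two users who chose the same password.
$users = [
    'alice' => ['passwd' => legacy_md5_hash('letmein')],
    'bob'   => ['passwd' => legacy_md5_hash('letmein')],
];
// Compare the stored records before the upgrade (same unsalted input).
var_dump($users['alice']['passwd'] === $users['bob']['passwd']);

verify_and_upgrade($users['alice'], 'letmein');
verify_and_upgrade($users['bob'], 'letmein');
// Compare again after each record has received its own random salt.
var_dump($users['alice']['passwd'] === $users['bob']['passwd']);
// The upgraded record still accepts the right password and rejects others.
var_dump(verify_and_upgrade($users['alice'], 'letmein'));
var_dump(verify_and_upgrade($users['alice'], 'wrong'));
```

Accounts that never log in again keep their MD5 record until they do, so a deployment using this approach still has to decide how long legacy hashes are accepted.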
Member
Registered: May 2006
Posts: 29
What method are you going to use? Sha1?
Member
Registered: Jun 2006
Posts: 25
Location: Australia
He's using just MD5. Do you have a date when 2.0 will come out?
Member
Registered: Sep 2005
Posts: 76
Location: New Zealand
Who would waste their time trying to log into a forum as someone else?

Some people have such easy passwords anyway that it would not be difficult to guess them without hacking into the code.

Let's all run 256bit encryption on https:// websites :roll:

Like who would actually bother?
Developer
Registered: Apr 2004
Posts: 2216
Location: Belgium
Aka Tolken wrote
What method are you going to use? Sha1?

I don't know that yet, development just started. I'm nowhere near session or user management.

Quote
Do you have a date when 2.0 will come out?

Just try to use the search engine for one time: http://www.usebb.net/community/topic-831.html
_______________
--Dietrich (developer)
UseBB roadmap, dev mailing list & weblog
Member
Registered: May 2006
Posts: 29
prc wrote
He's using just MD5. Do you have a date when 2.0 will come out?

I was not asking about the current method. I already knew that.

Thanks for the info Dietrich.


UseBB Community is powered by UseBB 1 Forum Software