PDA

View Full Version : Forum passwords and how to keep your internet passwords safe



Deano
06-11-2012, 12:30 PM
We recently had a discussion on what password encryption is used on the forum.

I believe it was pointed out that it's stored as an MD5 hash, and ultimately this is crackable for short passwords using brute force.

However, VBulletin uses a double hash and a salt. IF you have the salt (it looks like I could get it from the DB) it's still extremely unlikely someone could undo the hashes without a bunch of computing power. I certainly wouldn't know how anyway. Despite rumours to the contrary!


VBulletin support confirm this here:
https://www.vbulletin.com/forum/showthread.php/377595-What-cryptographic-hash-function-is-VBulletin-using-for-user-passwords-protection


The best course of action even if you don't think this is safe enough? Simply have a password per website. Then, even if someone hacks you one one site, you're safe on the other zillion you visit.

AND use a very good, long password. E.g. consider using http://strongpasswordgenerator.com/



Cheers,

Deano.