Forums

Unfortunately no one can be told what FluxBB is - you have to see it for yourself.

You are not logged in.

#1 2009-08-14 16:23:12

Laburno
Member
Registered: 2009-08-14
Posts: 1

Salted Passwords

Hello,
I noticed that 1.4 do not use salted passwords.
I think this feature should be added for more security, at now all you need is the md5 hash and a rainbow table to hijack an user account. Well, you also need a little luck smile

Salted passwords are used in PunBB 1.3, I think that the same code would work in FluxBB 1.4 too.

Offline

#2 2009-08-14 17:10:30

Reines
Administrator
From: Scotland
Registered: 2008-05-11
Posts: 3,197
Website

Re: Salted Passwords

Salted passwords are used in FluxBB 1.3. I assume the reason they weren't added to 1.4 is because it may cause problems with backwards compatibility (1.4 is designed to be an easy update from 1.2, yes I know the version numbers aren't in order...), but it may be worth considering since you are right it is stupid not to.

I'm not actually sure how badly it would break existing mods and integrations, I wonder how many actually make use of the password field.

Offline

#3 2009-08-14 17:14:03

FSX
Former Developer
From: NL
Registered: 2008-05-09
Posts: 818
Website

Re: Salted Passwords

Edit

What Reines said..

Last edited by FSX (2009-08-14 17:14:51)

Offline

#4 2009-08-14 21:24:36

Smartys
Former Developer
Registered: 2008-04-27
Posts: 3,139
Website

Re: Salted Passwords

Reines: Every single integration of FluxBB into Wordpress, etc would fail. It's not modifications so much as it's integration. wink

Offline

Board footer

Powered by FluxBB