MyBB Tutorials

Using bcrypt on your MyBB forum.

Submitted by cute, , Thread ID: 8621

Thread Closed

RE: Using bcrypt on your MyBB forum.

#21
I have seen similar tutorials on this. And in all of then, you had to edit the password of the current members, which is a very big task. Is it the same with this tutorial?

RE: Using bcrypt on your MyBB forum.

#22
07-08-2015, 10:13 AM
Nekomimi Wrote:
07-08-2015, 10:00 AM
Gummy Wrote:
What does this thing do?

Makes MyBB use the bcrypt hashing algorithm instead of the MD5 + Salt algorithm that it uses by default.

Here's a post by one of the members of my forum explaining it after I implemented it myself:
[Image: 2f9e27089085b23ce910c59e642ba7df.png]

i'm on that forum :D

RE: Using bcrypt on your MyBB forum.

#23
18-09-2015, 04:51 PM
DP_PN Wrote:
17-09-2015, 01:11 AM
Pulseeey Wrote:
16-09-2015, 02:06 PM
DP_PN Wrote:
The weakness of the password storage method is irrelevant to be honest with you. If you have the hash, that you took from the database, you also have the loginkey. With the loginkey, you can instantly start a session for any user, without using a password.

I would have thought people would be more concerned regarding their (potentially) everyday-use password being known, rather than someone being able to login to their forum account?

If I was made aware that a database was leaked, that contained my everyday password. I wouldn't give 2 fucks about the compromised website, I'd be too busy resetting all the shit that uses that password.

FYI, All of my passwords are different and complex, this is an example.
if you have different passwords everywhere that's not your concern. It would be whether or not someone can authenticate as you, without even knowing your password...

17-09-2015, 01:04 AM
Nekomimi Wrote:
16-09-2015, 02:06 PM
DP_PN Wrote:
The weakness of the password storage method is irrelevant to be honest with you. If you have the hash, that you took from the database, you also have the loginkey. With the loginkey, you can instantly start a session for any user, without using a password.

Not if you force everyone to logout in the event of a breach.
What's the point of having the password? Isn't it to authenticate? You can bypass the hassle of having to bruteforce millions of combinations by simply using the loginkey. Of course if someone finds out there was a breach, the logout can be forced. It's the same breach people would use to get the password hashes so it would still be possible to alert everyone to change password before you could even use it. A lot of people use the same password for different sites, that's right - and that's the only advantage of getting the password rather than the loginkey.

I'm either really chill, or I'm unusual. I personally wouldn't give a fuck if someone had my login key, I'd be more concerned regarding my passwords (whether they are the same for other sitesor not).

RE: Using bcrypt on your MyBB forum.

OP
#24
18-09-2015, 04:51 PM
DP_PN Wrote:
What's the point of having the password? Isn't it to authenticate? You can bypass the hassle of having to bruteforce millions of combinations by simply using the loginkey. Of course if someone finds out there was a breach, the logout can be forced. It's the same breach people would use to get the password hashes so it would still be possible to alert everyone to change password before you could even use it. A lot of people use the same password for different sites, that's right - and that's the only advantage of getting the password rather than the loginkey.

Forcing everyone to logout renders the loginkeys useless in the event of a breach, as they would have to login and generate a new loginkey.

18-09-2015, 06:43 PM
Joseahfer Wrote:
I have seen similar tutorials on this. And in all of then, you had to edit the password of the current members, which is a very big task. Is it the same with this tutorial?

No, this tutorial automatically converts your passwords from md5 to bcrypt over time as people login.
[Image: ZtDsXXv.png]

RE: Using bcrypt on your MyBB forum.

#25
19-09-2015, 03:43 AM
Nekomimi Wrote:
No, this tutorial automatically converts your passwords from md5 to bcrypt over time as people login.

Thanks for your answer, then I will be very useful. Now I look at it. (:

RE: Using bcrypt on your MyBB forum.

#26
No idea what bcrypt is but would like to see still.

RE: Using bcrypt on your MyBB forum.

#27
This looks really usefull i will check this out later. Sorry for bumping old thread

RE: Using bcrypt on your MyBB forum.

#28
07-08-2015, 03:10 AM
Tropical Wrote:
Akay almost fucked up RF doing this lol :noh:

Are you Dad or Predatard? Just wondering (I'm pancuck :nohSmile

Users browsing this thread: 2 Guest(s)