We recently had a discussion on what password encryption is used on the forum.
I believe it was pointed out that it's stored as an MD5 hash, and ultimately this is crackable for short passwords using brute force.
However, VBulletin uses a double hash and a salt. IF you have the salt (it looks like I could get it from the DB) it's still extremely unlikely someone could undo the hashes without a bunch of computing power. I certainly wouldn't know how anyway. Despite rumours to the contrary!
VBulletin support confirm this here:
The best course of action even if you don't think this is safe enough? Simply have a password per website. Then, even if someone hacks you on one site, you're safe on the other zillion you visit.
AND use a very good, long password. E.g. consider using http://strongpasswordgenerator.com/
Cheers,
Deano.
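An added illustration, not part of the original post and not vBulletin's own code: the "double hash and a salt" described above, assuming the md5(md5(password) + salt) layout documented for vBulletin 3.x/4.x, next to one way a site owner can strengthen such stored hashes by wrapping them in PBKDF2 without needing the plaintext passwords. The function names, iteration count and sample values are assumptions made for this example.

```python
import hashlib
import hmac
import os


def vb_legacy_hash(password: str, salt: str) -> str:
    """Salted double MD5: md5(md5(password) + salt), hex encoded (assumed layout)."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def wrap_legacy(legacy_hex: str, iterations: int = 600_000) -> dict:
    """Wrap an existing stored hash in a slow KDF.

    Only the value already in the database is needed, so every account can be
    upgraded in one pass without waiting for users to log in.
    """
    kdf_salt = os.urandom(16)  # fresh random salt per account
    dk = hashlib.pbkdf2_hmac("sha256", legacy_hex.encode(), kdf_salt, iterations)
    return {"kdf_salt": kdf_salt, "iterations": iterations, "dk": dk}


def verify(password: str, vb_salt: str, record: dict) -> bool:
    """Recompute legacy hash, then the KDF wrapper, and compare in constant time."""
    legacy = vb_legacy_hash(password, vb_salt)
    dk = hashlib.pbkdf2_hmac(
        "sha256", legacy.encode(), record["kdf_salt"], record["iterations"]
    )
    return hmac.compare_digest(dk, record["dk"])


if __name__ == "__main__":
    # Constructed sample values, not taken from any real database.
    password = "correct horse battery staple"
    for salt in ("a1B", "z9Q"):
        # Same password, different per-user salt: different stored hash,
        # so one precomputed table cannot cover every account.
        print(salt, vb_legacy_hash(password, salt))

    record = wrap_legacy(vb_legacy_hash(password, "a1B"))
    print("right password:", verify(password, "a1B", record))
    print("wrong password:", verify("letmein", "a1B", record))
```

The salt makes each user's hash unique, but MD5 itself is fast to compute; the PBKDF2 wrapper is what adds a per-guess cost.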