Thread: Mini Mods - Secure BCrypt Password Hashing
29 Sep 2012, 22:10
MegaManSec
Join Date: Aug 2011
Originally Posted by Adrian Schneider
It has nothing to do with vBulletin.

If someone hacks into your server and gets your database dump, they can brute force that to find other possible passwords for your users.

The whole point of BCrypt is to make that impossible by A) being ridiculously slow, and B) being a more cryptographically unique hash.
Well, BCrypt is not impossible to brute force, it just takes longer, as you've said.

First of all, if they cracked the MD5, what would they get?
They would get the bcrypt value.
Then what? Then they have to crack that.
That's the point.
I do free vBulletin modification security checks. PM me.