Thread: Mini Mods - Secure BCrypt Password Hashing
View Single Post
  #14  
Old 29 Sep 2012, 22:40
MegaManSec MegaManSec is offline
 
Join Date: Aug 2011
Originally Posted by Adrian Schneider View Post
It has nothing to do with vBulletin.

If someone hacks into your server and gets your database dump, they can brute force that to find other possible passwords for your users.

The whole point of BCrypt is to make that impossible by A) being ridiculously slow, and B) being a more crytographically unique hash.
Wait, so are you talking about:

Dictionary Attacks, or
Rainbow Tables
or hash collisions?

Hash collisions aren't useful, afaik.. they just let you login to your account(or NOT your account) with more than just one password.
__________________
I do free vBulletin modification security checks. PM me.
http://services.internot.info/

Last edited by MegaManSec; 29 Sep 2012 at 22:52.
Reply With Quote