Red Planet
Forum for the anti-capitalist left.

Home » Misc. » Meta » Security of Forum software
Show: Today's Messages :: Show Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
icon10.gif  Security of Forum software [message #94] Mon, 21 January 2019 12:19 Go to next message
Fulcrum
Messages: 7
Registered: January 2019
Location: UK
So I've visited this forum and it seems like pretty oldschool forum software.

I'm a little wary about how passwords are stored in the database. For many older forum softwares the password is stored in plain text or using a weak hash (like MD5 or SHA1) this means if an exploit is used to get the forum database a hacker could theoretically unhash those passwords and use them with the provided email addresses. This might let them access our accounts on other websites, email or social media, potentially it could be used to Dox us or get us fired. Can an admin confirm passwords are hashed with a sufficiently strong algorithm, ideally salted too.
Re: Security of Forum software [message #99 is a reply to message #94] Mon, 21 January 2019 15:12 Go to previous message
kapo
Messages: 65
Registered: January 2019

Administrator
The passwords are sha1 hashed and salted.

Email isn't required for registration. Just type in anything that looks like an email, like email@email.com. I toyed with the idea of just editing the validate function to return true for anything typed there but thought better not.

You should use a different password for every website. Never assume your data is 100% safe. That is why I'm trying to have this place collect as little information as possible. All you need to register is a username and password.

[Updated on: Mon, 21 January 2019 15:14]

Report message to a moderator

  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: News
Next Topic: question: how will moderation work?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Wed Aug 21 09:04:19 UTC 2019

Total time taken to generate the page: 0.03265 seconds