Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-11610

Use a more secure hashing method like bcrypt

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Unverified Fix (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0-dev
    • Fix Version/s: 3.1.0-b1
    • Component/s: Authentication
    • Labels:
      None

      Description

      phpBB has been using the phpass implementation of a salted md5 for password hashes since the beginnings of phpBB 3.0. With the minimum requirement of PHP 5.3.3 for phpBB 3.1 we can and should however move to more secure hashing methods like bcrypt.

      RFC topic: http://area51.phpbb.com/phpBB/viewtopic.php?f=108&t=33231

        Attachments

          Activity

            People

            Assignee:
            naderman Nils Adermann
            Reporter:
            Marc Marc
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: