Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-11610

Use a more secure hashing method like bcrypt

    Details

    • Type: Improvement
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0-dev
    • Fix Version/s: 3.1.0-b1
    • Component/s: Authentication
    • Labels:
      None

      Description

      phpBB has been using the phpass implementation of a salted md5 for password hashes since the beginnings of phpBB 3.0. With the minimum requirement of PHP 5.3.3 for phpBB 3.1 we can and should however move to more secure hashing methods like bcrypt.

      RFC topic: http://area51.phpbb.com/phpBB/viewtopic.php?f=108&t=33231

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            naderman Nils Adermann
            Reporter:
            Marc Marc
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development