Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-11610

Use a more secure hashing method like bcrypt

    Details

    • Type: Improvement
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0-dev
    • Fix Version/s: 3.1.0-b1
    • Component/s: Authentication
    • Labels:
      None

      Description

      phpBB has been using the phpass implementation of a salted md5 for password hashes since the beginnings of phpBB 3.0. With the minimum requirement of PHP 5.3.3 for phpBB 3.1 we can and should however move to more secure hashing methods like bcrypt.

      RFC topic: http://area51.phpbb.com/phpBB/viewtopic.php?f=108&t=33231

        Attachments

          Activity

            People

            • Assignee:
              naderman Nils Adermann
              Reporter:
              Marc Marc
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: