0 Members and 2 Guests are viewing this topic.
Question, did the "hackers" found this ages ago or just lately?
/**************************************** * old md5 method (like is used in this forum) * ****************************************/$password = "MySecretPassword123";$hashed_password = md5($password); // hash which is stored in database/***************************************** new recomended method of md5 usage * ****************************************/$SALT = "soldatforumssecret342"; // secret "salt" string$password = "MySecretPassword123";$password .= $SALT; // concatenate with "salt" -> "MySecretPassword123soldatforumssecret342"$hashed_password = md5($password); // hash which is stored in database
FliesLikeABrick md5 is nowadays relate low protection hash for security things like storing passwords in database, because as you mention there are exists md5 hashes databases, which potentially can use person who has access to hashes (like in this potential leak). Recommendation is to use (own chosen) "salt" secret word which is concatenate to string (in this case password) before md5 hashing, which make all premaded md5 hashes database unusefull for potential attacker.Code: [Select]/**************************************** * old md5 method (like is used in this forum) * ****************************************/$password = "MySecretPassword123";$hashed_password = md5($password); // hash which is stored in database/***************************************** new recomended method of md5 usage * ****************************************/$SALT = "soldatforumssecret342"; // secret "salt" string$password = "MySecretPassword123";$password .= $SALT; // concatenate with "salt" -> "MySecretPassword123soldatforumssecret342"$hashed_password = md5($password); // hash which is stored in databaseEven if attacker will find in the future salt, he can`t use any premaded md5 hashes database.FliesLIkeABrick if you want to manual reprogram forum code to simultaneous use "old" md5 hashes (for users that haven`t update their passwords yep) and new "salted" hashes give me a sign on PM.
you can also do md5(md5()) or sha1() and whatnot
Don't just change your Soldat forums password. Change any password you use anywhere else. This is especially important if you're lazy and you use the same password here for say, your email, or your system log-on.Change your passwords frequently, anyway. About once every three months or so.