MegaManSec
10-30-2011, 06:46 PM
I suggest a mod that can make it so you can customise how passwords are encrypted..
Let's say someone hacks into your website, Steals your database, and uses a program to crack the hashes(dictionary attack)
Any skid can do this, and they will.
My suggestion:
Make it so you can customise how your password is encrypted..
So let's say the way I want my password encrypted is
md5(md5($pass).$salt.(registertime(username)))
I would set
$config['Password']['hash'] = 'md5(md5($pass).$salt.($registertime($username)))' ;
Everything would be set as a defined spot for the users part of the database..
This would secure a [edit] ton of forums, and stop skids all around
If anyone actually makes this..
:) ily
Let's say someone hacks into your website, Steals your database, and uses a program to crack the hashes(dictionary attack)
Any skid can do this, and they will.
My suggestion:
Make it so you can customise how your password is encrypted..
So let's say the way I want my password encrypted is
md5(md5($pass).$salt.(registertime(username)))
I would set
$config['Password']['hash'] = 'md5(md5($pass).$salt.($registertime($username)))' ;
Everything would be set as a defined spot for the users part of the database..
This would secure a [edit] ton of forums, and stop skids all around
If anyone actually makes this..
:) ily