Critical BUG

ysmods · Aug 9, 2013

Whilst I agree that md5 is vulnerable, its only vulnerable if somehow the malicious user was able to find the md5 hashes.

So unless you are using insecure server/script/database passwords I can't see anyway that the malicious user is going to be able to get the hashes.

I did submit an RFC for salted password hashes back in february: http://forum.mfscripts.com/viewtopic.php?f=13&t=410

uploadchest · Aug 9, 2013

MD5 is, for all intents and purposes, secure for the application. You don't have to use md5, you can use sha1() if you want. It won't be easy to transition to a more secure setup because all previous members passwords would require to be reset as MD5 is hashed.

ysmods · Aug 9, 2013

You could sha1() the md5'd passwords which would make it fairly easy to update the passwords in the database.

Even adding a salt to the passwords in the database would be easy with a simple script.

Even better than md5() or sha1() is the crypt() function

ysmods · Aug 10, 2013

If you do modify the code, please remember that you cannot re-distribute any core files modified or un-modified.

You can however provide a tutorial on how users can change the code themselves.

ysmods · Aug 10, 2013

Feel free to contact Adam regarding the product license.

I am just repeating what I was told regarding re-distribution of the files.

Search

Search

Critical BUG

ikovacs1465

New Member

ysmods

New Member

uploadchest

New Member

ysmods

New Member

ikovacs1465

New Member

ysmods

New Member

ikovacs1465

New Member

ysmods

New Member