Hello There, Guest!

MyBB 1.8.12 with bcrypt password hashes.
Offline
Moderator Moderators
Threads: 5
Posts: 12
Joined: Jun 2017
Reputation:
0


Luxars:
10¢

#1
(This post was last modified: 08-03-2017, 12:17 PM by Mephistopheles)
Why bcrypt?


MyBB's default hashing method is using
Code:
md5(md5($salt).md5($password))
which isn't all too difficult to crack.
Bcrypt with 32 rounds (cost of 5 or 2^5) can bring 8 GTX 1080 Ti GPUs to their knees in hashcat performance: source

I hope to see a Vega variant of these hashcat tests for closure.

Download:


I can't legally call it MyBB anymore, so I had to call it NewBB. It's MyBB but with the hashing method changed and that's about it.
NewBB on Mega

[EDIT]

Remove global.php.bak to global.php (overwrite the existing global.php file) since I haven't gotten around to fixing the errors that it brings up whenever you want to do things. The installer function should be just fine and it should be solid bcrypt without any tricks that you would find with plugins that claim to do something similar to this.
Nor does Mephistopheles first appear to Faustus as a devil who walks up and down on earth to tempt and corrupt any man encountered. He appears because he senses in Faustus’ magical summons that Faustus is already corrupt, that indeed he is already 'in danger to be damned'.
08-03-2017, 12:13 PM
  
Reply
Offline
Moderator Moderators
Threads: 5
Posts: 12
Joined: Jun 2017
Reputation:
0


Luxars:
10¢

#2
Since this post was made the recent versions of MyBB are now running with a different hashing method than the previous versions.

Plus MyBB 2.0+ will be running bcrypt from my tests with the current state of MyBB 2.0.
Nor does Mephistopheles first appear to Faustus as a devil who walks up and down on earth to tempt and corrupt any man encountered. He appears because he senses in Faustus’ magical summons that Faustus is already corrupt, that indeed he is already 'in danger to be damned'.
12-24-2017, 05:38 PM
  
Reply