Register forum user name Search FAQ

Gammon Forum

Notice: Any messages purporting to come from this site telling you that your password has expired, or that you need to "verify" your details, making threats, or asking for money, are spam. We do not email users with any such messages. If you have lost your password you can obtain a new one by using the password reset link.
 Entire forum ➜ Forum ➜ Announcements ➜ Security enhancement - old passwords have been reset

Security enhancement - old passwords have been reset

Postings by administrators only.

Refresh page


Posted by Nick Gammon   Australia  (23,051 posts)  Bio   Forum Administrator
Date Tue 16 Aug 2016 03:11 AM (UTC)
Message
On 12 Sep 2015 the forum software was upgraded to move from storing passwords as a "hash" to a "salted hash".

Since then, users using the old passwords had their passwords upgraded to the new version when they logged in.

As a security precaution, any passwords not upgraded by now have been reset. If this happens to you, then you will have to click on the "Forgot password" link to get a new password:

http://www.gammon.com.au/forum/bbpassword.php?action=forgot

The difference is that, whilst you cannot directly get a plaintext password back from a hashed password, it is possible to run a "dictionary attack" against a dictionary of common passwords, using the hash as a key. If a match is found, then the password is discovered.

The "salted hash" system uses a different "salt" for each person, rendering a pre-built dictionary useless. In addition, the time taken to hash the plaintext password into the hashed one has been considerably increased, meaning that an attempt to try all possible passwords would take a long time.

- Nick Gammon

www.gammon.com.au, www.mushclient.com
Top

The dates and times for posts above are shown in Universal Co-ordinated Time (UTC).

To show them in your local time you can join the forum, and then set the 'time correction' field in your profile to the number of hours difference between your location and UTC time.


7,625 views.

Postings by administrators only.

Refresh page

Go to topic:           Search the forum


[Go to top] top

Information and images on this site are licensed under the Creative Commons Attribution 3.0 Australia License unless stated otherwise.