[Home] [Downloads] [Search] [Help/forum]

Register forum user name Search FAQ

Gammon Forum

See www.mushclient.com/spam for dealing with forum spam. Please read the MUSHclient FAQ!

[Folder]  Entire forum
-> [Folder]  Forum
. -> [Folder]  Announcements
. . -> [Subject]  Security enhancement - old passwords have been reset
Security enhancement - old passwords have been reset

Postings by administrators only.

[Refresh] Refresh page

Posted by Nick Gammon   Australia  (22,884 posts)  [Biography] bio   Forum Administrator
Date Tue 16 Aug 2016 03:11 AM (UTC)
Message
On 12 Sep 2015 the forum software was upgraded to move from storing passwords as a "hash" to a "salted hash".

Since then, users using the old passwords had their passwords upgraded to the new version when they logged in.

As a security precaution, any passwords not upgraded by now have been reset. If this happens to you, then you will have to click on the "Forgot password" link to get a new password:

http://www.gammon.com.au/forum/bbpassword.php?action=forgot

The difference is that, whilst you cannot directly get a plaintext password back from a hashed password, it is possible to run a "dictionary attack" against a dictionary of common passwords, using the hash as a key. If a match is found, then the password is discovered.

The "salted hash" system uses a different "salt" for each person, rendering a pre-built dictionary useless. In addition, the time taken to hash the plaintext password into the hashed one has been considerably increased, meaning that an attempt to try all possible passwords would take a long time.
- Nick Gammon

www.gammon.com.au, www.mushclient.com
[Go to top] top

The dates and times for posts above are shown in Universal Co-ordinated Time (UTC).

To show them in your local time you can join the forum, and then set the 'time correction' field in your profile to the number of hours difference between your location and UTC time.

6,577 views.

Postings by administrators only.

[Refresh] Refresh page

Go to topic:           Search the forum

[Go to top] top

Quick links: MUSHclient. MUSHclient help. Forum shortcuts. Posting templates. Lua modules. Lua documentation.

Information and images on this site are licensed under the Creative Commons Attribution 3.0 Australia License unless stated otherwise.

[Home]

Written by Nick Gammon - 5K   profile for Nick Gammon on Stack Exchange, a network of free, community-driven Q&A sites   Marriage equality

Comments to: Gammon Software support
[RH click to get RSS URL] Forum RSS feed ( https://gammon.com.au/rss/forum.xml )

[Best viewed with any browser - 2K]    [Hosted at FutureQuest]