Notice: Any messages purporting to come from this site telling you that your password has expired, or that you need to "verify" your details, making threats, or asking for money, are
spam. We do not email users with any such messages. If you have lost your password you can obtain a new one by using the
password reset link.
Entire forum
➜ Forum
➜ Announcements
➜ Security enhancement - old passwords have been reset
Security enhancement - old passwords have been reset
|
Postings by administrators only.
Refresh page
Posted by
| Nick Gammon
Australia (23,051 posts) Bio
Forum Administrator |
Date
| Tue 16 Aug 2016 03:11 AM (UTC) |
Message
| On 12 Sep 2015 the forum software was upgraded to move from storing passwords as a "hash" to a "salted hash".
Since then, users using the old passwords had their passwords upgraded to the new version when they logged in.
As a security precaution, any passwords not upgraded by now have been reset. If this happens to you, then you will have to click on the "Forgot password" link to get a new password:
http://www.gammon.com.au/forum/bbpassword.php?action=forgot
The difference is that, whilst you cannot directly get a plaintext password back from a hashed password, it is possible to run a "dictionary attack" against a dictionary of common passwords, using the hash as a key. If a match is found, then the password is discovered.
The "salted hash" system uses a different "salt" for each person, rendering a pre-built dictionary useless. In addition, the time taken to hash the plaintext password into the hashed one has been considerably increased, meaning that an attempt to try all possible passwords would take a long time. |
- Nick Gammon
www.gammon.com.au, www.mushclient.com | Top |
|
The dates and times for posts above are shown in Universal Co-ordinated Time (UTC).
To show them in your local time you can join the forum, and then set the 'time correction' field in your profile to the number of hours difference between your location and UTC time.
7,625 views.
Postings by administrators only.
Refresh page
top