XF 2.1 Password cracking opinions sought

Napalm_beach

Napalm_beach

Member
I've got a user who is certain someone has our registration database and has cracked the forum passwords. I think this is unlikely in the extreme: We have over-the-top security on our server to prevent injection attacks and the bcrypt on XF 2.1 is serious.

My question: Are the passwords individually salted or otherwise subject to additional encryption to make them even more difficult to crack? I realize nothing is impossible but... is it fair to say that no one in their right mind would expend the time and computing resources necessary to crack the bcrypt-encoded passwords of a sailing forum when there's no financial data to be gained?
 
Sort by date Sort by votes
Napalm_beach said:
My question: Are the passwords individually salted or otherwise subject to additional encryption to make them even more difficult to crack? I realize nothing is impossible but... is it fair to say that no one in their right mind would expend the time and computing resources necessary to crack the bcrypt-encoded passwords of a sailing forum when there's no financial data to be gained?
Click to expand...

Unless they have managed to change the auth code to siphon off the passwords before being encrypted it would be very unlikely. Each password is uniquely salted and as you know bcrypt passes make cracking them an extremely difficult task.

More likely it is password re-use to blame on less secure sites.
 
Upvote 3 Downvote
You must log in or register to reply here.
Back
Top Bottom