Topic: What hash algorithm is used for the user accounts? (Read 433 times)

legendary
Activity: 1694
Merit: 1024
theymos has posted on Reddit a few times, and he's stated that passwords are salted with unique salts, and then hashed with 7500 rounds of SHA-256. The unique salts help in the fact that if someone tries to crack passwords from the database, they can't crack multiple passwords at once because they all use unique salts. Even though it sounds like you have a secure password, I'd change it anyway, just to be sure that nobody else will have access to your account, or other accounts you may have with the same password.
sr. member
Activity: 268
Merit: 256
According to Theymos in his post before the forum went back down:
Quote
Passwords are hashed with 7500 rounds of sha256crypt. This is pretty good, but certainly not beyond attack. Note that even though SHA-256 is used here, sha256crypt is different enough from Bitcoin's SHA-256d PoW algorithm that Bitcoin mining ASICs almost certainly cannot be modified to crack forum passwords.
newbie
Activity: 21
Merit: 0
If it's sha256 I don't really care, but if it's using the default SMF, which is sha1, should I be concerned? My password is 30+ chars with mixed charset so a rainbow table is highly unlikely. I mean, I don't want to have to do anything if it's computationally infeasible to reverse.
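
The properties discussed in this thread (sha256crypt, 7500 rounds, a unique salt per account) can be read straight off the stored string, which has the form `$5$rounds=N$salt$digest`. The following is an added example, not code from the forum or from any post above: `parse`, `audit` and `SAMPLE` are hypothetical names, the rows are constructed, and 5000 is the sha256crypt default when no `rounds=` field is present.

```python
import re
from collections import Counter

# sha256crypt modular-crypt string: $5$[rounds=N$]salt$digest
SHA256CRYPT = re.compile(
    r"\$5\$(?:rounds=(\d+)\$)?([./0-9A-Za-z]{1,16})\$([./0-9A-Za-z]{43})"
)
DEFAULT_ROUNDS = 5000  # sha256crypt default when the rounds= field is omitted


def parse(stored):
    """Return (rounds, salt) for a sha256crypt string, or None for anything else."""
    m = SHA256CRYPT.fullmatch(stored)
    if not m:
        return None
    rounds = int(m.group(1)) if m.group(1) else DEFAULT_ROUNDS
    return rounds, m.group(2)


def audit(records, expected_rounds=7500):
    """records: {username: stored_hash}. Returns {username: [findings]}."""
    parsed = {user: parse(h) for user, h in records.items()}
    salt_use = Counter(p[1] for p in parsed.values() if p)
    findings = {}
    for user, p in parsed.items():
        issues = []
        if p is None:
            issues.append("not sha256crypt")
        else:
            rounds, salt = p
            if rounds < expected_rounds:
                issues.append(f"rounds={rounds} below {expected_rounds}")
            if salt_use[salt] > 1:
                issues.append("salt shared with another account")
        findings[user] = issues
    return findings


# Constructed sample rows; the digests are filler, not real password hashes.
D = "A" * 43
SAMPLE = {
    "alice": f"$5$rounds=7500$q1w2e3r4t5y6u7i8${D}",
    "bob": f"$5$rounds=7500$Zx9Lm2Pq7Rt4Vb6N${D}",
    "carol": f"$5$Zx9Lm2Pq7Rt4Vb6N${D}",  # no rounds= field, salt reused
    "dave": "a3" * 20,  # bare 40-hex digest, the shape of an unsalted SHA-1
}

if __name__ == "__main__":
    for user, issues in audit(SAMPLE).items():
        print(user, issues or "ok")
```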