Author

Topic: What hash algorithm is used for the user accounts? (Read 459 times)

legendary
Activity: 1694
Merit: 1024
theymos has posted on Reddit a few times, and he's stated that passwords are salted with unique salts, and then hashed with 7500 rounds of SHA-256. The unique salts help in the fact that if someone tries to crack passwords from the database, they can't crack multiple passwords at once because they all use unique salts. Even though it sounds like you have a secure password, I'd change it anyway, just to be sure that nobody else will have access to your account, or others accounts you may have with the same password.
sr. member
Activity: 268
Merit: 258
According to Theymos in his post before the forum went back down:
Quote
Passwords are hashed with 7500 rounds of sha256crypt. This is pretty good, but certainly not beyond attack. Note that even though SHA-256 is used here, sha256crypt is different enough from Bitcoin's SHA-256d PoW algorithm that Bitcoin mining ASICs almost certainly cannot be modified to crack forum passwords.
newbie
Activity: 21
Merit: 0
If it's sha256 I don't really care but if its using the default SMF which is sha1 should I be concerned? My password is 30+ chars with mixed charset so a rainbow table is highly unlikely. I mean, I don't want to have to do anything if its computationally infeasible to reverse Grin
Jump to: