SMF Development > Feature Requests

Same username/password for all my forums. Possible?

<< < (2/3) > >>

Armada:
How about replicating the username/password table keeping them all the same for all three forums?

Kindred:
won't work... the hash on the passwords would be different

Arantor:
Um, why would they be different?

Armada:
Is it a random salt on the hash or is it unsalted?

Arantor:
Interesting question, since the answer is neither. (Non random salt != unsalted)

The password hash in SMF is (like, I would add, several other forum systems), sha1(strtolower(username) . password)

You get all the benefits of salting the hash, it's a per-user salt so it neutralises rainbow tables, but you don't require any additional columns etc.

If you were to use the erroneously-named password_salt column, you actually don't really benefit much because you still have to prepare a brute attack per row should you get hold of the DB table.

Navigation

[0] Message Index

[#] Next page

[*] Previous page