Are our passwords stored in plain text in the forum database?

Started by Thorin, September 18, 2007, 12:00:15 PM

Previous topic - Next topic

Thorin

I've been working on a security system and reading all about salting and hashing passwords.  In one of the articles I read, it mentioned something about phpBB storing passwords in plain text in the database.  I'm wondering, does SMF do that too?  If not, do you know what SMF does with the password?  Does it salt it and hash it and store it?  Does it just hash it?  Does it encrypt it with a private key?

The worry, of course, is if a forum user uses the same password for the forums and for something important, like banking information.  I don't, so I'm not worried about me, but who knows what the other users do.
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Darren Dirt

#1
Worry not, grasshopper.

If thou doth clicketh upon your PROFILE, then "Account Related Settings", look next to "ANSWER" and see the label that reads thusly:
"WHY IS THIS BLANK?", therein all wisdom shall be thrown upon thou.
_____________________

Strive for progress. Not perfection.
_____________________