06-19-2015, 10:10 PM
The real question is why not adopt something like what Linux does with its passwords and use multiple methods? The method is chosen randomly and NOT included in the password hash, but in a separate field. That way, not only would you need a relational dump, but you would also need to decipher the algorithm type (and implement it user-defined in MyBB, forcing a complete brute force on password hashes). Hash them 32 times using combinations of the hashing methods... like maybe md5(bcrypt(bcrypt(salt.password)))
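
A sketch of the scheme proposed in the post above, added here as an example and not part of the original post or MyBB's code: the method id is picked at random and kept in its own field, separate from the hash. The `METHODS` table, the field names, the iteration count and the use of PBKDF2 in place of bcrypt (Python's standard library has no bcrypt) are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch

# Hypothetical method table: id -> chain of steps, applied inner to outer.
# Every chain ends in a 32-byte digest so the hash length does not reveal the id.
METHODS = {
    1: ("pbkdf2_sha256",),
    2: ("pbkdf2_sha512", "sha256"),
    3: ("pbkdf2_sha256", "pbkdf2_sha512", "sha256"),
}

def _step(name: str, data: bytes, salt: bytes) -> bytes:
    """Apply one primitive of a chain to the running value."""
    if name == "pbkdf2_sha256":
        return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)
    if name == "pbkdf2_sha512":
        return hashlib.pbkdf2_hmac("sha512", data, salt, ITERATIONS)
    if name == "sha256":
        return hashlib.sha256(data).digest()
    raise ValueError(f"unknown step {name!r}")

def derive(method_id: int, salt: bytes, password: str) -> str:
    """Run the chain for method_id over the password; return the hex digest."""
    data = password.encode("utf-8")
    for name in METHODS[method_id]:
        data = _step(name, data, salt)
    return data.hex()

def create_record(password: str) -> dict:
    """Pick a method at random and store its id beside, not inside, the hash."""
    method_id = secrets.choice(sorted(METHODS))
    salt = secrets.token_bytes(16)
    return {"hash_method": method_id, "salt": salt.hex(),
            "password_hash": derive(method_id, salt, password)}

def verify(record: dict, password: str) -> bool:
    """Recompute with the stored method id and compare in constant time."""
    if record["hash_method"] not in METHODS:
        return False
    salt = bytes.fromhex(record["salt"])
    expected = derive(record["hash_method"], salt, password)
    return hmac.compare_digest(expected, record["password_hash"])
```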