Results 1 to 5 of 5

Thread: Database security?

  1. #1
    Senior Member Scooby Doo's Avatar
    Join Date
    Oct 2004
    Location
    The Mystery Machine
    Posts
    103

    Database security?

    Im registered with https://haveibeenpwned.com and this morning I had an email to say my freedc email address had been in a vbulletin database leak from January.

    Just though I had better let you know.

    Ian

  2. #2
    Administrator Bok's Avatar
    Join Date
    Oct 2003
    Location
    Wake Forest, North Carolina, United States
    Posts
    24,451
    Blog Entries
    13
    yeah, I got that too. Looks like vbulletin have patched it, so I've updated to latest code today.

    All passwords are salted nad hashed in the database as far as I know with vbulletin so little chance they are out there, but email addresses will be.

  3. #3
    Thanks, home INFOSEC (wife) just alerted me to this.

    She wants to know what hashing algorithm is used, apparently to keep things difficult for the newish GPU based crackers, it should be something like SHA-512

  4. #4
    Administrator Bok's Avatar
    Join Date
    Oct 2003
    Location
    Wake Forest, North Carolina, United States
    Posts
    24,451
    Blog Entries
    13
    You'll have to go look at the vbulletin websites to find that info I'm afraid. I just use their software.

  5. #5
    Quote Originally Posted by Bok View Post
    You'll have to go look at the vbulletin websites to find that info I'm afraid. I just use their software.
    Apparently their algorithm is really weak. One hobbyist was able to crack ~135k hashed/salted passwords in a day without really trying hard, just using his normal desktop machine (admittedly with a high end GPU)

    https://www.troyhunt.com/data-breach...etin-and-weak/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •