bbPress Plugin Browser » Topic: MD5 insecurity for bbPress

Sam Bauers on "MD5 insecurity for bbPress"

Sam Bauers — Sat, 05 Apr 2008 01:05:53 +0000

This plugin is now usable in bbPress 0.9+

Sam Bauers on "MD5 insecurity for bbPress"

Sam Bauers — Sat, 05 Apr 2008 00:45:29 +0000

You can use this plugin for a while if you need to and then turn it off and users should not notice any difference. You will probably end up with a mixture of md5 and phpass hashes, but the conversion is automatic when users login.

Michael Adams (mdawaffe) on "MD5 insecurity for bbPress"

Michael Adams (mdawaffe) — Thu, 03 Apr 2008 20:39:13 +0000

If you want to use phppass, you don't need any plugin. Core bbPress will automatically upgrade any md5 password to a phppass password the first time that user logs in.

You can import your md5 passwords to bbPress and it will just work.

This plugin is only really useful if your passwords are used by multiple pieces of software.

retrospec on "MD5 insecurity for bbPress"

retrospec — Thu, 03 Apr 2008 12:06:14 +0000

Hello,
Does this give the option to switch back out to phppass once passwords are converted.

I'm in the middle of converting my old forum (which uses md5) to bbPress. I didn't realise 0.8.3 was not md5, so I need to import the data then move the users to phppass, which I assume is more secure than md5

Thanks.

Sam Bauers on "MD5 insecurity for bbPress"

Sam Bauers — Sat, 15 Dec 2007 08:50:46 +0000

Don't use this on bbPress 0.8.3 or less! Currently only useful if you run trunk.

Sam Bauers on "MD5 insecurity for bbPress"

Sam Bauers — Sat, 15 Dec 2007 08:45:03 +0000

Changes the password hashing in bbPress to use old-skool MD5