
Re: so many secrets?


_ck_
Participant

@_ck_

The cookies in bbPress 1.0 and WordPress 2.6 are based on recommendations from a security whitepaper by a top researcher.

Half of the key used in the cookie is kept in the database and the other half of the key is kept in the configuration file (bb-config.php / wp-config.php).

The idea is to make it harder for an attacker to compromise the system. They may gain file access but not db access or vice versa – therefore the other half is safe.

When I say “half” it’s not literal – but essentially the secret keys are “salted” with the secret salt. “Salting” is a much more complex operation than needs to be explained here (see Wikipedia).
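The split-secret idea described in the post above, as an added sketch that is not part of the original post and is not bbPress or WordPress code. The HMAC-SHA256 construction, the `user|expires|tag` cookie layout, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed sample values; a real site uses long random strings.
CONFIG_KEY = b"constructed-key-kept-in-config-file"  # e.g. bb-config.php / wp-config.php
DB_SALT = b"constructed-salt-kept-in-database"


def signing_key(config_key: bytes, db_salt: bytes) -> bytes:
    """Combine both halves; neither one alone determines the result."""
    return hmac.new(db_salt, config_key, hashlib.sha256).digest()


def make_cookie(user: str, expires: int, config_key: bytes, db_salt: bytes) -> str:
    """Return 'user|expires|tag' (assumed layout) signed with the combined key."""
    payload = f"{user}|{expires}"
    tag = hmac.new(signing_key(config_key, db_salt), payload.encode(), hashlib.sha256)
    return f"{payload}|{tag.hexdigest()}"


def verify_cookie(cookie: str, config_key: bytes, db_salt: bytes,
                  now: Optional[int] = None) -> Optional[str]:
    """Return the user name if the cookie is authentic and unexpired, else None."""
    try:
        user, expires, tag = cookie.split("|")
        expires_at = int(expires)
    except ValueError:  # wrong field count or non-numeric expiry
        return None
    payload = f"{user}|{expires}".encode()
    expected = hmac.new(signing_key(config_key, db_salt), payload, hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag cannot be recovered byte by byte.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    current = int(time.time()) if now is None else now
    return user if expires_at >= current else None
```

A cookie signed with only one correct half (for example the config-file key plus a guessed salt) fails `verify_cookie`, which is the property the split is meant to provide.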
