necessary for WP 2.6 -> BBP 1alpha:
WordPress “auth” cookie key
WordPress “secure auth” cookie key
WordPress “logged in” cookie key
Thanks for making the effort, but that's not what I asked.
The cookies in bbPress 1.0 and WordPress 2.6 are based on recommendations from a security whitepaper by a top researcher.
Half of the key used in the cookie is kept in the database and the other half of the key is kept in the configuration file (bb-config.php / wp-config.php).
The idea is to make it harder for an attacker to compromise the system. They may gain file access but not db access or vice versa – therefore the other half is safe.
When I say “half” it’s not literal – but essentially the secret keys are “salted” with the secret salt. “Salting” is a much more complex operation than needs to be explained here (see Wikipedia).
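
The split-secret idea described in the post above, as an added example that is not part of the original thread and is not WordPress or bbPress code. The function names, the sample key and salt, and the use of HMAC-SHA256 over a `user|expiry` payload are assumptions made for illustration.

```php
<?php
// Added illustration; not WordPress or bbPress source code.
// Names, sample values and the choice of HMAC-SHA256 are assumptions.

// Half 1: kept in the configuration file (wp-config.php / bb-config.php).
const CONFIG_FILE_KEY = 'constructed-sample-key-from-config-file';

// Half 2: kept in the database; modelled as a function returning a constructed value.
function db_stored_salt(): string {
    return 'constructed-sample-salt-from-database';
}

// The signing secret exists only where both halves can be read.
function signing_secret(string $fileKey, string $dbSalt): string {
    return $fileKey . $dbSalt;
}

function make_cookie(string $user, int $expires, string $secret): string {
    $payload = $user . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, $secret);
}

function verify_cookie(string $cookie, string $secret, int $now): bool {
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return false;                       // malformed cookie
    }
    [$user, $expires, $mac] = $parts;
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return false;                       // bad or expired timestamp
    }
    $expected = hash_hmac('sha256', $user . '|' . $expires, $secret);
    return hash_equals($expected, $mac);    // constant-time comparison
}

$now    = 1700000000;                       // fixed clock so the run is repeatable
$secret = signing_secret(CONFIG_FILE_KEY, db_stored_salt());
$cookie = make_cookie('alice', $now + 3600, $secret);

// Cookie issued by the server, checked with the full secret.
var_dump(verify_cookie($cookie, $secret, $now));

// Cookie signed with only the configuration-file half (database half unknown).
var_dump(verify_cookie(make_cookie('admin', $now + 3600, CONFIG_FILE_KEY), $secret, $now));

// Cookie signed with only the database half (configuration file unknown).
var_dump(verify_cookie(make_cookie('admin', $now + 3600, db_stored_salt()), $secret, $now));
```

Only the first check prints `bool(true)`: a signature made with either half alone does not match the one the server computes from both.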