Bruteforcing: Difference between revisions

From Esoteric Wiki
Latest revision as of 06:18, 22 September 2025

The practice of bruteforcing was most notably used by Adolf Hitler to obtain access to derelict accounts on Esoteric Chat, such as that of user shrimp, and was also employed for the purpose of spamming false-flag password reset requests. However, it has never been shown possible to crack a forum account's password with bruteforcing alone, since the bcrypt password-hashing function is regarded as cryptographically secure and can be seamlessly upgraded to stronger measures.

In esoTalk, passwords were stored as salted MD5 hashes, with a separate database column for the salt. esoBB no longer uses a pre-generated salt for password creation, but the value of the "salt" column is still used by some plugins as an input value for enforcing uniqueness. MD5 hashing can still be enabled on esoBB through a forum setting. Otherwise, MD5 passwords from old accounts are automatically converted to bcrypt when the user logs in. As such, it is theoretically possible to seamlessly migrate account information from esoTalk beta to esoBB delta.
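
The convert-on-login flow described above, as an added PHP example that is not esoBB's own code. The `md5(salt . password)` layout, the shape of the account array and the bcrypt cost of 12 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const BCRYPT_OPTIONS = ['cost' => 12]; // constructed value, not an esoBB default

// Assumed legacy scheme. The page only says "salted MD5"; the order is a guess.
function legacyMd5(string $salt, string $password): string
{
    return md5($salt . $password);
}

// $account is a hypothetical row: ['password' => stored hash, 'salt' => string].
// Returns [bool $ok, ?string $newHash]; the caller stores $newHash when not null.
function verifyAndUpgrade(array $account, string $password): array
{
    $stored = $account['password'];

    // A bare 32-character hex digest marks a row that still holds legacy MD5.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // Constant-time comparison avoids leaking how many characters matched.
        if (!hash_equals($stored, legacyMd5($account['salt'], $password))) {
            return [false, null];
        }
        // A successful login is the only moment the plaintext exists to re-hash.
        return [true, password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Already bcrypt: re-hash only if it was made with weaker parameters.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        ? password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        : null;
    return [true, $new];
}

// Constructed sample account, as it might look after an import from esoTalk.
$account = ['salt' => 'a1b2c3', 'password' => legacyMd5('a1b2c3', 'correct horse')];

[$ok, $newHash] = verifyAndUpgrade($account, 'correct horse');
if ($ok && $newHash !== null) {
    $account['password'] = $newHash; // a real forum would UPDATE the account row
}
var_dump($ok, substr($account['password'], 0, 4));      // login result, hash prefix
var_dump(verifyAndUpgrade($account, 'wrong guess')[0]); // rejected after migration
var_dump(verifyAndUpgrade($account, 'correct horse'));  // accepted, nothing to upgrade
```

Accounts that never log in again keep their MD5 hash, so a migrated database can hold both formats indefinitely.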

esoBB delta 1 introduced flood control measures, making it impractical to spam login and password reset requests. esoBB delta 3 makes flood control more extensible, using a new table for requests that plugins can manipulate to log various requests more precisely. In esoBB delta 2 and earlier versions, there is a bug in which the "logins" table grows continually unless its entries are purged. Delta 3 adds automatic pruning of expired entries as well as the ability for forum administrators to purge the entire table. In the future, the table is expected to be reworked to better account for the inclusion of guest users (which may be achieved using plugins).