Bruteforcing

The practice of bruteforcing was most notably used by Adolf Hitler to obtain access to derelict accounts on Esoteric Chat, such as that of user shrimp, and was also employed for the purpose of spamming false-flag password reset requests. However, it has never been shown possible to crack a forum accout's password with bruteforcing alone, seeing as the bcrypt password function is regarded as cryptographically secure, with the ability to seamlessly update to better measures.

In esoTalk, passwords were stored as salted MD5 hashes, with a separate database column for the salt. esoBB no longer uses a pre-generated salt for password creation, but the value of the "salt" column is still used by some plugins as an input value for enforcing uniqueness. It is still possible to use MD5 cryptography on esoBB using a forum setting. Otherwise, MD5 passwords from old accounts are automatically converted into bcrypt from when said user logs in. As such, it is theoretically possible to seamlessly migrate account information from esoTalk beta to esoBB delta.

esoBB delta 1 introduced flood control measures, thus making it impractical to spam login/password reset requests. esoBB delta 3 makes flood control more extensible, using a new table for requests that can be manipulated by plugins to achieve a more precise logging of various requests. In esoBB delta 2 and earlier versions, there is a bug in which the "logins" table will continually grow in size unless purged of its entries. Delta 3 contains the automatic pruning of expired entries as well as the ability for forum administrators to purge