Quote:
Originally Posted by 711
Good suggestion.
For the record, and to set member's minds at ease, EntropiaForum.com does not store member passwords, but rather stores an encrypted hash of the password. Thus, it is impossible for me or anyone else to extract any member's forum password from the EF database, since the actual password is not even stored anywhere. |
In theory u can do md5-collisionchecks .. sure i guess the passwords got a salt within the md5, but still, in theory its still possible to get the password back in plaintext
Many examples from sweden about that issue (sites gets hacked and databases started to spread, even with salt they succeed to get passwords from this )
But, i guess you as admin don't have any interest of it
