Bitcoin Forum

I created an account a while ago for a website that I was going to launch. However, I used an email address that has since been deleted and is probably not available for re-registration. Since the passwords for our accounts in the new forum will be sent via email to the email addresses we have on our profiles, would it not be possible to access this account once the forum software is migrated? Is it recommended that I register a new email address and change it to this one before the switchover happens?

If you mean logging into this forum, by migrating, it's safe to assume your login/password will remain the same?

So they will set up a bot to send emails to every users with a reset link. We can only access the forum if you reset the password. This is what I know. It might change.

Source?

As a confirmation, we're working really hard to make sure as much of the data is carried over. The only thing we can't carry over is passwords, so when you first log on to the new forum, you'll need to set a new password.

This will probably be done over email so make sure the email you have registered with THIS forum is your email and not ... say a burner email account like mailinator or something like that.

To prevent people from thinking, "This is a phishing site trying to steal my password!", the primary method of resetting your password will be email reset. A secondary (maybe slightly-hidden) method will be to use your current password. So you needn't worry about having an invalid email address now.

A valid email address might be required in the new software, though. I'm not sure about that yet.

They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

It could be that the new forum has a new method of hashing passwords (different algorithm maybe), so if the old hashes were transferred over, your old password wouldn't work because of the new algorithm.

The idea that bcrypt is somehow extra strong is AFAIK entirely a myth. bcrypt is based on a fast Blowfish-based hash function comparable to SHA-256 and other cryptographically-secure hash functions. It makes the entire process slow by hashing the password many times. But this is exactly what any decent key derivation function does.

The forum uses sha256crypt (which has an extremely similar interface to bcrypt) with 7500 iterations. If SHA-256 and bcrypt's underlying hash function were exactly the same speed, this would be equivalent to a bcrypt cost of about 13. I prefer SHA-2 because Blowfish (and especially bcrypt's Blowfish-based hash function) are not as widely used or studied.

They don't have access to passwords, but what about the password hashes? Why not just transfer the hashes to the new system?

i dont agree with this method, i would go for email reset password to left those dummy accounts and the forum will be clean

But what about legitimate users who have a now invalid email? Why are you leaving them out?

=snip= A secondary (maybe slightly-hidden) method will be to use your current password. So you needn't worry about having an invalid email address now.

A valid email address might be required in the new software, though. I'm not sure about that yet.

I created an account a while ago for a website that I was going to launch. However, I used an email address that has since been deleted and is probably not available for re-registration. Since the passwords for our accounts in the new forum will be sent via email to the email addresses we have on our profiles, would it not be possible to access this account once the forum software is migrated? Is it recommended that I register a new email address and change it to this one before the switchover happens?