theymos (OP)
Administrator
Legendary
Offline
Activity: 5376
Merit: 13368
|
|
July 10, 2012, 10:09:50 PM |
|
In an hour from this post, I will disable posting for most members, back up the forum database, and apply error's patch to SMF which upgrades the password hashing algorithm. This will probably take 30-60 minutes, or longer if something goes wrong. Don't write any long messages close to this time or you might lose your message.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Gladamas
Sr. Member
Offline
Activity: 294
Merit: 250
Bitcoin today is what the internet was in 1998.
|
|
July 10, 2012, 10:13:06 PM |
|
Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
|
|
|
|
Luceo
Sr. Member
Offline
Activity: 350
Merit: 250
Per aspera ad astra!
|
|
July 10, 2012, 10:13:56 PM |
|
Good news. Greater security is worth a little downtime. ^^
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5376
Merit: 13368
|
|
July 10, 2012, 10:16:31 PM |
|
Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data. Your password will be automatically upgraded to the new algorithm next time you log in. I will log everyone out so that a lot of passwords are upgraded right away.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
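The upgrade-on-next-login migration described in the post above, as an added Python sketch (not part of the thread and not error's SMF patch). The round count and salt length come from the post; the concatenation order of the legacy hash, the way the 7500 rounds are chained, the `sha256i$` record format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ROUNDS = 7500    # from the post
SALT_LEN = 12    # bytes of random salt, from the post
PREFIX = "sha256i"  # hypothetical tag marking an upgraded record

def legacy_hash(username: str, password: str) -> str:
    # Assumed layout: SHA-1 over lowercase username followed by the password.
    return hashlib.sha1((username.lower() + password).encode()).hexdigest()

def iterated_sha256(password: str, salt: bytes, rounds: int) -> str:
    # Assumed chaining: hash salt+password once, then re-hash salt+digest.
    digest = hashlib.sha256(salt + password.encode()).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha256(salt + digest).digest()
    return digest.hex()

def new_record(password: str) -> str:
    # Store rounds and salt beside the digest so the cost can be raised later.
    salt = os.urandom(SALT_LEN)
    return f"{PREFIX}${ROUNDS}${salt.hex()}${iterated_sha256(password, salt, ROUNDS)}"

def login(users: dict, username: str, password: str) -> bool:
    """Verify a login; a correct password on a legacy record upgrades it."""
    key = username.lower()
    stored = users.get(key)
    if stored is None:
        return False
    if stored.startswith(PREFIX + "$"):
        _, rounds, salt_hex, digest_hex = stored.split("$")
        candidate = iterated_sha256(password, bytes.fromhex(salt_hex), int(rounds))
        return hmac.compare_digest(candidate, digest_hex)
    # Legacy record: the plaintext is only available now, so re-hash here.
    if not hmac.compare_digest(legacy_hash(username, password), stored):
        return False
    users[key] = new_record(password)
    return True

if __name__ == "__main__":
    # Constructed sample account, not real forum data.
    users = {"alice": legacy_hash("Alice", "correct horse")}
    print(login(users, "Alice", "correct horse"), users["alice"][:20])
```

Accounts that never log in again keep their legacy SHA-1 record, which is why forcing a logout, as the post describes, moves many records to the new scheme quickly.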
Tachikoma
|
|
July 10, 2012, 10:22:17 PM |
|
Great, thanks for the password upgrade
|
|
|
|
pekv2
|
|
July 10, 2012, 10:23:08 PM |
|
Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data. Your password will be automatically upgraded to the new algorithm next time you log in. I will log everyone out so that a lot of passwords are upgraded right away.
Theymos, I salute you and the others that I don't know that are helping you for making the forum more tightly secure. Great news to hear. When possible, I will donate, I've been wanting to so badly but cannot atm for a few months, it won't be small either.
|
|
|
|
myrkul
|
|
July 10, 2012, 10:30:49 PM |
|
Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.
Jesus.... that's better security than my bank. Will that result in a noticeable delay in logging in?
|
|
|
|
Gladamas
Sr. Member
Offline
Activity: 294
Merit: 250
Bitcoin today is what the internet was in 1998.
|
|
July 10, 2012, 10:37:58 PM |
|
Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.
Jesus.... that's better security than my bank. Will that result in a noticeable delay in logging in?
Well, let's say the server that Bitcointalk is hosted on could get 3 Mh/s mining on its CPU(s). One Bitcoin mining hash is 2 rounds of SHA-256, so 3,000,000/(7500/2) = 800 logins/second.
|
|
|
|
myrkul
|
|
July 10, 2012, 10:40:48 PM |
|
Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data.
Jesus.... that's better security than my bank. Will that result in a noticeable delay in logging in?
Well, let's say the server that Bitcointalk is hosted on could get 3 Mh/s mining on its CPU(s). One Bitcoin mining hash is 2 rounds of SHA-256, so 3,000,000/(7500/2) = 800 logins/second.
So.... No, huh?
|
|
|
|
BrightAnarchist
Donator
Legendary
Offline
Activity: 853
Merit: 1000
|
|
July 10, 2012, 10:42:47 PM |
|
Very nice! I'm going to have to upgrade my password of course.
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5376
Merit: 13368
|
|
July 10, 2012, 10:44:41 PM |
|
Will that result in a noticeable delay in logging in?
No. It's pretty fast.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
pekv2
|
|
July 10, 2012, 10:55:51 PM |
|
Very nice! I'm going to have to upgrade my password of course.
Ditto. I was thinking the same as a precaution. I don't believe it is a "have to" as theymos said it will be upgraded.
|
|
|
|
pekv2
|
|
July 10, 2012, 10:56:27 PM |
|
Will that result in a noticeable delay in logging in?
No. It's pretty fast.
What processor is being used if you don't mind me asking? I'd love to see a photo of the system but I doubt that will happen.
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5376
Merit: 13368
|
|
July 10, 2012, 11:03:33 PM |
|
What processor is being used if you don't mind me asking?
/proc/cpuinfo says "Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz". This might be virtual, though.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
myrkul
|
|
July 10, 2012, 11:07:01 PM |
|
Hey, wait! I'm not ready ye-
|
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 10, 2012, 11:08:44 PM |
|
Fire away!
|
|
|
|
error
|
|
July 10, 2012, 11:30:28 PM |
|
If it breaks, you get to keep both pieces. Just kidding.
|
3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
July 10, 2012, 11:36:33 PM |
|
Sounds good to me! Just wondering why no bcrypt?
|
|
|
|
error
|
|
July 11, 2012, 12:35:01 AM |
|
Don't ask me. I was specifically advised not to say anything about the choice of algorithm.
|
3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5376
Merit: 13368
|
|
July 11, 2012, 12:38:26 AM |
|
OK, it's done. Tell me if there are any problems.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|