theymos (OP)
Administrator
Legendary
 Offline
Activity: 5194
Merit: 12985
|
 |
July 10, 2012, 10:09:50 PM |
|
In an hour from this post, I will disable posting for most members, backup the forum database, and apply error's patch to SMF which upgrades the password hashing algorithm. This will probably take 30-60 minutes, or longer if something goes wrong. Don't write any long messages close to this time or you might lose your message.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
|
|
|
|
Be very wary of relying on JavaScript for security on crypto sites. The site can change the JavaScript at any time unless you take unusual precautions, and browsers are not generally known for their airtight security.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
Gladamas
Sr. Member
Offline
Activity: 294
Merit: 250
Bitcoin today is what the internet was in 1998.
|
|
July 10, 2012, 10:13:06 PM |
|
Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
|
|
|
|
Luceo
Sr. Member
Offline
Activity: 350
Merit: 250
Per aspera ad astra!
|
|
July 10, 2012, 10:13:56 PM |
|
Good news. Greater security is worth a little downtime. ^^
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5194
Merit: 12985
|
|
July 10, 2012, 10:16:31 PM |
|
Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data. Your password will be automatically upgraded to the new algorithm next time you login. I will log everyone out so that a lot of passwords are upgraded right away. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
Tachikoma
|
|
July 10, 2012, 10:22:17 PM |
|
Great, thanks for the password upgrade  |
|
|
|
|
pekv2
|
|
July 10, 2012, 10:23:08 PM |
|
Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data. Your password will be automatically upgraded to the new algorithm next time you login. I will log everyone out so that a lot of passwords are upgraded right away. Theymos, I salute you and the others that I don't know that are helping you for making the forum more tightly secure. Great news to hear. When possible, I will donate, I've been wanting to so badly but cannot atm for a few months, it won't be small either. |
|
|
|
|
|
myrkul
|
|
July 10, 2012, 10:30:49 PM |
|
Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data. Jesus.... that's better security than my bank. Will that result in a noticeable delay in logging in? |
|
|
|
Gladamas
Sr. Member
Offline
Activity: 294
Merit: 250
Bitcoin today is what the internet was in 1998.
|
|
July 10, 2012, 10:37:58 PM |
|
Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data. Jesus.... that's better security than my bank. Will that result in a noticeable delay in logging in? Well, let's say the server that Bitcointalk is hosted on could get 3 Mh/s mining on its CPU(s). One Bitcoin mining hash is 2 rounds of SHA-256, so 3,000,000/(7500/2) = 800 logins/second. |
|
|
|
|
myrkul
|
|
July 10, 2012, 10:40:48 PM |
|
Great! Just curious, what hashing algorithm are you switching from/to? And will this require a password reset?
The default algorithm is SHA-1 salted with the lowercase username. The new algorithm is 7500 rounds of SHA-256 salted with 12 bytes of random data. Jesus.... that's better security than my bank. Will that result in a noticeable delay in logging in? Well, let's say the server that Bitcointalk is hosted on could get 3 Mh/s mining on its CPU(s). One Bitcoin mining hash is 2 rounds of SHA-256, so 3,000,000/(7500/2) = 800 logins/second. So.... No, huh?  |
|
|
|
BrightAnarchist
Donator
Legendary
Offline
Activity: 853
Merit: 1000
|
|
July 10, 2012, 10:42:47 PM |
|
Very nice! I'm going to have to upgrade my password of course.
|
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5194
Merit: 12985
|
|
July 10, 2012, 10:44:41 PM |
|
Will that result in a noticeable delay in logging in?
No. It's pretty fast. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
pekv2
|
|
July 10, 2012, 10:55:51 PM |
|
Very nice! I'm going to have to upgrade my password of course.
Diddo. I was thinking the same as a precaution. I don't believe it is a "have to" as theymos said it will be upgraded. |
|
|
|
|
|
pekv2
|
|
July 10, 2012, 10:56:27 PM |
|
Will that result in a noticeable delay in logging in?
No. It's pretty fast. What processor is being used if you don't mind me asking? I'd love to see a photo of the system but I doubt that will happen. |
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5194
Merit: 12985
|
|
July 10, 2012, 11:03:33 PM |
|
What processor is being used if you don't mind me asking?
/proc/cpuinfo says "Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz". This might be virtual, though. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
myrkul
|
|
July 10, 2012, 11:07:01 PM |
|
Hey, wait! I'm not ready ye- |
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 10, 2012, 11:08:44 PM |
|
Fire away!
|
|
|
|
|
error
|
|
July 10, 2012, 11:30:28 PM |
|
If it breaks, you get to keep both pieces. Just kidding. |
3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
July 10, 2012, 11:36:33 PM |
|
sounds good to me! Just wondering why no bcrypt?
|
|
|
|
|
|
error
|
|
July 11, 2012, 12:35:01 AM |
|
Don't ask me. I was specifically advised not to say anything about the choice of algorithm. |
3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5194
Merit: 12985
|
|
July 11, 2012, 12:38:26 AM |
|
OK, it's done. Tell me if there are any problems.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
