Password Salting - Updated 1-17-08 - Posted (5047 Views)
Senior Member
muzishun
Posts: 1079
I am officially calling this a 1.0 release now. In the past month or so, there have been a couple dozen downloads of the MOD, and nobody has posted back yet with issues.
I'd like to get some other individuals to help me test this MOD. I've tested it once, but I want to ensure that everything works properly before I call it an official 1.0 release.
Password Salting Version: 1.0
Author: Bill Parrott (muzishun)
Forum Version: Snitz Forum 2000 v3.4.06
Tested Databases: MS Access 2000
Last Updated: 1/17/08
Download Link: Chimeric Dream, SnitzBitz
(From Wikipedia) "In cryptography, a salt comprises random bits that are used as one of the inputs to a key derivation function. The other input is usually a password or passphrase. The output of the key derivation function is stored as the encrypted version of the password. A salt can also be used as a key in a cipher or other cryptographic algorithm. The key derivation function typically uses a hash function. Sometimes the initialization vector, a previously-generated value, is used as a salt."

This MOD helps make a site more secure by adding a randomly generated string to the end of users' passwords before they are encrypted. This ensures that even if someone gains access to the forum's database, even a brute force attempt to crack the passwords will be ineffective, due to the fact that a user's password cannot possibly be guessed (unless someone discovers the salt, of course).
Comments can be posted in this reply, but for support and bug reports, please visit the MOD Implementation forum here.
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)
Posted
Forum Moderator
AnonJr
Posts: 5768
Password salting doesn't prevent someone from guessing the password. It just makes it harder to use a rainbow table or other form of brute force against the hash.
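Added example, not part of the thread and not the MOD's own code: a Python sketch of the scheme the first post describes (a random salt appended to the end of the password before hashing) and of the distinction drawn in the reply above. SHA-256, the helper names and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def hash_password(password: str, salt: str = "") -> str:
    # The salt is appended to the END of the password, as the first post describes.
    # Assumption: SHA-256 stands in for the forum's hash function.
    return hashlib.sha256((password + salt).encode("utf-8")).hexdigest()

def new_salt(nbytes: int = 16) -> str:
    # Random salt from the OS CSPRNG, hex-encoded (hypothetical helper).
    return secrets.token_hex(nbytes)

def verify(password: str, salt: str, stored: str) -> bool:
    # Recompute the salted hash and compare it in constant time.
    return hmac.compare_digest(hash_password(password, salt), stored)

# Constructed sample data: a tiny stand-in for a precomputed table of
# unsalted hashes of common passwords.
COMMON_PASSWORDS = ["123456", "password", "letmein"]
PRECOMPUTED = {hash_password(p): p for p in COMMON_PASSWORDS}

def table_lookup(stored: str):
    # A precomputed table only matches hashes built the same way it was.
    return PRECOMPUTED.get(stored)

def guess_with_salt(stored: str, salt: str, candidates):
    # With the salt known, each guess costs one hash, so weak passwords still match.
    for candidate in candidates:
        if verify(candidate, salt, stored):
            return candidate
    return None

def demo(salt=None):
    salt = salt or new_salt()
    weak = hash_password("letmein", salt)
    strong = hash_password("x9!Tq-constructed-long-passphrase", salt)
    return {
        "unsalted_in_table": table_lookup(hash_password("letmein")),
        "salted_in_table": table_lookup(weak),
        "weak_guessed_with_salt": guess_with_salt(weak, salt, COMMON_PASSWORDS),
        "strong_guessed_with_salt": guess_with_salt(strong, salt, COMMON_PASSWORDS),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The first two results show the precomputed table matching the unsalted hash and missing the salted one. The last two show that once the salt is known, only the strength of the password itself stands between the hash and a guess.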
Posted
Average Member
phy1729
Posts: 589
To those having the error 800a0414: This says to try
Code:
CALL UpdateSaltedPassword(strDBNTFUserName, MemberID, strEncodedPassword)
Fix first posted in: 66705
Posted
Average Member
modifichicci
Posts: 787
Once inc_pwsalt.asp has been created in a dir with permission, is it possible to move it to the forum dir? No more file scripting needed on it? This is because some servers have limited upload permission.
Posted
Senior Member
muzishun
Posts: 1079
I've generally created the inc_pwsalt.asp in the same directory as my forum, but once you have created it, you may move it around your server as you please.
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)
Posted
Average Member
modifichicci
Posts: 787
Posted
Advanced Member
Carefree
Posts: 4224
Pop_Delete.asp wasn't updated to check against the salted password - it will not allow me to delete topics, etc.; losing the basic controls pretty much renders the forum useless. All the fancy mods in the world won't keep a forum going if you cannot edit/delete topics. I have logged out, deleted temp files, etc.; & logged back in again. That much works - but the basic controls for the board do not.
No Permissions to Delete Topic

Go Back to Re-Authenticate

Close Window

Posted
Average Member
richfed
Posts: 999