Password Encryption on Altcoinstalks

[admin]

I decided to visit the forum again and tried to log in and found a strange point:



Please delete it now. No one, including the administrator, has the right to ask you about the password. Encrypting the password must require that admin does not know it but has the authority to change it.

It is also better to have a warning on the login page ----> https://www.altcoinstalks.com/index.php?action=register telling you that you must use a different password than bitcointalk or any other service.

I also cannot find a page related to privacy. For example, for how long will the IP address registered with you be deleted, and is it deleted once the account is deleted?

did a quick update, will have to look into it in details another time

[ABCbits]

Here is the hasing code used to generate the hashes
sha1(strtolower('username') . 'password');
That's a form of salted password so breaking it fairly impossible.

If i understood it correctly, does that mean the salt is our username? If it's true, IMO it's not very strong since the salt is known and one high-end GPU can perform 51 billion SHA1/second (Hash-Mode 110)[1]. Please correct me if i'm wrong.

[1] https://gist.github.com/Chick3nman/32e662a5bb63bc4f51b847bb422222fd

[bitmover]

Your passwords are safe, but do not have the same password used everywhere, because other platforms/sites/forums/etc.. might not have strict password encryption.

+1 for this

Passwords should always be unique. For that, a password manager is a must. Because it generates the passwords for you.

This is because some services might be hacked. Database hacked happens all the time.

If you use the same password everywhere,  the hacker can just login into other services with your password.

[babo]

it's called password stuffing, there are various methods to avoid it, you should know that I work in the defensive security field. normally my work is called by Blue team, while attacking us is called Red team. a way to avoid password reuse and allows a maximum of 5 login attempts and then ban IP for an hour for example

[hugeblack]

did a quick update, will have to look into it in details another time

This happened quickly. I see you updated the Registration Agreement and the new text



The new update is good and frees the forum from bearing the consequences of any hacks that occur using the same current password. All that remains is the commitment that the password is encrypted as soon as it is sent and no one, including admin, knows it. Only admin has access to encrypted version of the password.

Therefore, from a security standpoint, the Registration Agreement is good, and if you have time, it is better to write texts related to privacy, such as how long you will keep the IP address, encrypt messages, or delete data.

[Asiska02]

This is a very useful guide for those who want to teleport their accounts from other forums especially from Bitcointalk to this forum. I would always recommend everyone to use different and new passwords for each platform to have maximum security.

It is not even ideal to use same password for different sites or where you need to access something online. Once that password gets out, you’ll lose everything including the ones you never knew they can have access to. Security should be your priority in the crypto space because many people are always looking for ways to infiltrate accounts to cause harm to the person behind the account.

I don't really know why someone use same password on all the websites. It's not a good practice at all, anyone who cares about security should always use different passwords.

Some people argue that if they have too many passwords in their memory, they would become confused and lose track of things, which is why they use the same password. There are multiple ways to generate passwords for various websites while keeping them in your memory; simply follow the process that works best for you and your security will be much enhanced.