Where are passwords stored?

**french frank** · 12-08-21, 15:56

vB has probably tightened up its security after suffering a major hack a couple of years ago. I think my test probably showed that the browser only stores the password on your computer, not on any other server or cloud. But the password is, in some form, stored all over the place. Have I Been Pwned just shows whether any of the websites which store your data have been hacked, and if that data has been pasted anywhere else. Action: change your password.

Originally posted by AuntDaisy View Post

From this VBulletin webpage, I suspect the forum passwords are securely hashed as "md5(md5(password) . salt)" - so the actual password isn't saved in the main forum database, just a super-condensed irretrievable version that is compared against the hashed* password we type in.

Same password stored in DB shown in different ciphertext? - vBulletin Community Forum

https://forum.vbulletin.com/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/353771-same-password-stored-in-db-shown-in-different-ciphertext?345351=

* Hashing is just a way of converting text (or even bytes) to a number - you can go in one direction, but not the other.

**AuntDaisy** · 12-08-21, 16:17

Originally posted by french frank View Post

vB has probably tightened up its security after suffering a major hack a couple of years ago. I think my test probably showed that the browser only stores the password on your computer, not on any other server or cloud. But the password is, in some form, stored all over the place. Have I Been Pwned just shows whether any of the websites which store your data have been hacked, and if that data has been pasted anywhere else. Action: change your password.

Excellent advice.

Apologies, in my rush to show technical nous, I hadn't noticed just how old that webpage was - yes, it does pre-date the hack(s).

Have I Been Pwned shows if an email / username appears on a leaked list, sadly it doesn't say which of our passwords went with it.

**jayne lee wilson** · 12-08-21, 16:23

Originally posted by french frank View Post

Put it this way: do you think your password for this forum is not stored somewhere, encrypted or not, in the software database? It's not visible in any way accessible to me, but to a hacker? The forum database doesn't have any important information like bank details anyway, but what about other websites for which you use a password. Is that password only in your browser? I just ask the question. I don't know what the answer is.

Quite enough problems & troubles here already to keep me awake nights, without adding this one..... I'm all over the web most days browsing, playback, and researching on many subjects....

So I guess I just feel never trouble trouble till trouble troubles you...
(which too many things already are...)

**french frank** · 12-08-21, 16:23

Originally posted by AuntDaisy View Post

Have I Been Pwned shows if an email / username appears on a leaked list, sadly it doesn't say which of our passwords went with it.

It looks as if you have to subscribe now (that used not to be the case). Filling in your email address did show up then as a vBulletin 'pwn'. I see the hack was back in 2016. Probably a Leave campaign ferreting for info on dissident members via their posts

**french frank** · 12-08-21, 16:26

Originally posted by jayne lee wilson View Post

So I guess I just feel never trouble trouble till trouble troubles you...

Yes, fair enough. There gets a point where cybersecurity could take over your life.

**AuntDaisy** · 12-08-21, 17:14

Originally posted by french frank View Post

Yes, fair enough. There gets a point where cybersecurity could take over your life.

Yes. The only answer is to not use the web / computers / devices.

Back to books, or possibly even hand-illuminated manuscripts (and avoid reading "The Name of the Rose").

Where are passwords stored?

Comment

Comment

Comment

Comment

Comment

Comment