Password Security on MESO-Rx

Discussion in 'Security, Privacy & Anonymity' started by Millard Baker, Jun 10, 2014.

  1. Millard Baker

    Millard Baker Member

    For those who care about SSL and related security measures, the new forum app brings the following changes:

    (1) Login credentials are submitted via SSL on thinksteroids.com

    As we all know, logging in to a vBulletin site usually means sending your password unencrypted over plain text HTTP. Not to mention all the information being shared in PMs is stored unencrypted on vBulletin. So, MESO-Rx happily says goodbye to vBulletin.

    (2) Passwords are protected with the SHA256 cryptographic hash function on thinksteroids.com

    vBulletin -- at least 3.x and 4.x -- uses the obsolete MD5 hash:

    http://www.vbulletin.com/forum/foru...vbulletin-using-for-user-passwords-protection

    http://forums.anandtech.com/showthread.php?t=2342487

    These are only a couple of reasons why MESO-Rx no longer uses vBulletin.
     
    Last edited: Jun 10, 2014
  2. dper726

    dper726 Member

    Awesome feature; more forums need to have this feature. Meso feels like a safe home now for sure.
     
  3. Millard Baker

    Millard Baker Member

    I'm certain most will eventually. I know vBulletin doesn't make it easy; most (mainstream) individuals -- outside of our little subculture -- don't have a real need for SSL in internet forum discussions. Clearly, the AAS community is different. Given the sensitive and stigmatized nature of the topics discussed here, SSL makes sense. I previously underestimated how heavily the PM system (now called "conversations") was used by members; this makes SSL especially important.