Re: Neoboard 3.0 insecurely creates passwords

[Signal 11 <signal11 () MEDIAONE NET>]

> All passwords are generated with a salt of ".v" . This isn't a
> huge security hole, but if someone gets to the hashes in your
> database, it will be a lot easier to crack them.

This is particularily objectionable because PHP will happily
generate a random salt by simply omitting one. The only reason
one should specify a salt is when encrypting a password to
compare it to the one in the database. Just extract the first
two letters from the string and pass that to the crypt function -
you can do all of it on one line. :/

~ Signal 11