Jump to content

U2.Dmhy News


Ricky
 Share

Recommended Posts

 

Passhash Algorithm Upgrade

Site has done a passhash algorithm upgrade recently. Passhashes using new algorithm is 25 million times harder to be cracked by brute-forcing method (testing hardware is Nvidia RTX 3080).

Since we do not store plaintext password, we were unable to convert old passhash to new passhash automatically. Thus, user enrolls into new algorithm only when:

1. Account Registration
2. Password Update (new password could be same as old password)

Algorithm upgrade does not affect user experience and can not be undone.

Since the security of passhash only takes effect in the hypothetical plot of database leak, we do not plan on forcing users to change their password in 2022. From 2023 we may (or may not) display a non-removable upgrade notice (for those not upgraded yet) or simply force user to upgrade.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...