Search found 103 matches

by /a3
Thu Nov 22, 2012 3:03 am
Forum: [3.x][Archive] RFCs
Topic: [RFC] stop distributing worthless CAPTCHAS in 3.1
Replies: 98
Views: 58074

Re: [RFC] stop distributing worthless CAPTCHAS in 3.1

Just thought I would share this link... It's a different way of defeating bots (using games): http://areyouahuman.com A few issues: JavaScript sources aren't GPL. Nobody can modify/distribute them, except for the authors. As per the phpBB.com homepage, phpBB is "the #1 free, open source bulletin bo...
by /a3
Tue Oct 16, 2012 10:48 am
Forum: [3.x] Rejected RFCs
Topic: [RFC] Use password_hash
Replies: 14
Views: 22960

Re: [RFC] Use password_hash

Why are slow algorithms a good thing? Is that a typo? It's not a typo - I should have explained it in my post. Using a hash which is more difficult to calculate will make it hard to produce rainbow tables or brute force any single hash for a collision. On the other hand, hashes like MD5 and the SHA...
by /a3
Tue Oct 16, 2012 12:28 am
Forum: [3.x] Rejected RFCs
Topic: [RFC] Use password_hash
Replies: 14
Views: 22960

Re: Use password_hash

Another question (or realisation): will password hashing be implemented by the Symfony framework for phpBB?
by /a3
Tue Oct 16, 2012 12:09 am
Forum: [3.x] Rejected RFCs
Topic: [RFC] Use password_hash
Replies: 14
Views: 22960

[RFC] Use password_hash

Replaced by [RFC]More secure password hashing Background : phpBB currently uses a modified version phpass for hashing passwords. phpass is supported for PHP3+ (may drop support for PHP3) and uses the strongest hash available to it. phpBB 3.0 uses a stripped down of phpass which uses md5+salt by def...
by /a3
Wed May 16, 2012 11:38 pm
Forum: [3.x] Discussion
Topic: "Official" integration with Akismet
Replies: 97
Views: 58192

Re: "Official" integration with Akismet

One issue with using Akismet would be privacy. Do people really want to be letting Akismet know about every account they register on the web?

I know I wouldn't. :?
by /a3
Wed Apr 18, 2012 10:05 pm
Forum: [3.x] Discussion
Topic: Social networks integration
Replies: 12
Views: 10969

Re: Social networks integration

Here's my proposal: phpBB include a plugin system for logging in from other websites. That way it is easy for people to add plugins for Facebook etc. I still stand by my original position above, however I realise there would be other good uses for a plugin system related to external logins, eg. inte...
by /a3
Mon Apr 16, 2012 10:56 pm
Forum: [3.x] Discussion
Topic: Social networks integration
Replies: 12
Views: 10969

Re: Social networks integration

My main "fear" with social network integration would be that many boards would enable this, and social networking sites like Facebook would have more power to track users and what websites they visit. That's my main issue with OpenID etc. as well. By the way, most users are not aware of this, so "op...
by /a3
Sat Apr 07, 2012 2:50 am
Forum: [3.x] Discussion
Topic: Default Style
Replies: 28
Views: 26671

Re: Default Style

Don't like specific kind of ads How often do you come across a site that installs malware? I've never understood why people limit their experiences because something could happen and that could is rare. Advertising is far from rare. I got sick of websites with those annoying JS-popups that require ...
by /a3
Sat Mar 31, 2012 3:36 am
Forum: [3.x] Discussion
Topic: Default Style
Replies: 28
Views: 26671

Re: Default Style

Don't like specific kind of ads How often do you come across a site that installs malware? I've never understood why people limit their experiences because something could happen and that could is rare. Advertising is far from rare. I got sick of websites with those annoying JS-popups that require ...
by /a3
Sat Mar 31, 2012 3:31 am
Forum: [3.1/Ascraeus] Merged RFCs
Topic: [RFC] More secure hashing
Replies: 64
Views: 48548

Re: [RFC] Update password hashing algorithm

Hello /a3, does salted passwords mean "Password complexity:" ? Bye Martin No, it's where the user chooses their password, the password is "salted" (modified) and then hashed. It does two things: Prevents rainbow table attacks and dictionary attacks, since it the MD5 doesn't represent the password b...