Amnoartist wrote: Hey there. Just a quick question, though I do feel it's the most important factor: How do you intend to handle password storage and hashing with Brawna 2.0, compared with how it was done with the original Brawna? I reckon more than a few people would feel the site could get off to a very rocky start if that's not implemented yet.
I felt like I answered such a question before, but I didn't. Just felt similar regarding the captcha. So first of all, I actually have no idea how the original handled anything. I haven't had an account or stories on Brawna. I did attempt to register a couple of times but couldn't even find a "register" button. But back to your question:
The password is encrypted and stored in my database. So even if I, as admin, went into the db and looked at your password, all I would see is gibberish that looks like this: "$2y$12$P13eCbHogg0amXfzgdpqXeh6awmd4ucI8TTiWp99fRz9lEABcvo/q"
I took a framework for the User Management System called "UserSpice". The owners wrote this about their security on November 15th 2016:
"We just passed a security audit as of 4.1.8 and everything we do is pretty industry standard. Bcrypt for password encryption, SSL/TLS compatible out of the box, token system to prevent XSS attacks, automated sanitization of all form and database input."
I hope this answered your question.
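
What the stored string quoted in the reply above encodes, as an added example that is not part of the original post or UserSpice's code: a parser for the bcrypt modular-crypt format that splits out the variant, cost and per-password salt. The names `parse_bcrypt`, `audit` and the `MIN_COST` floor of 10 are assumptions made for this illustration.

```python
import base64
import re
from dataclasses import dataclass

# bcrypt uses its own base64 alphabet, not the RFC 4648 one.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
TO_STD = str.maketrans(BCRYPT_B64, STD_B64)

# Layout: $<variant>$<2-digit cost>$<22-char salt><31-char digest>  (60 chars)
BCRYPT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")
MIN_COST = 10  # assumed policy floor for this example, not a UserSpice setting
PAGE_HASH = "$2y$12$P13eCbHogg0amXfzgdpqXeh6awmd4ucI8TTiWp99fRz9lEABcvo/q"  # from the post


@dataclass
class BcryptRecord:
    variant: str      # "2y" is the prefix PHP's password_hash() emits
    cost: int         # log2 of the key-expansion rounds
    rounds: int       # 2 ** cost
    salt: bytes       # 16 random bytes, unique per password
    digest_b64: str   # hash output, still in bcrypt's base64


def parse_bcrypt(stored: str) -> BcryptRecord:
    """Split a stored bcrypt string into its fields; raise ValueError if malformed."""
    m = BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt modular-crypt string")
    variant, cost_txt, salt_b64, digest_b64 = m.groups()
    cost = int(cost_txt)
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    # 22 bcrypt-base64 chars carry 128 salt bits; pad to decode with the stdlib.
    salt = base64.b64decode(salt_b64.translate(TO_STD) + "==")
    return BcryptRecord(variant, cost, 1 << cost, salt, digest_b64)


def audit(stored: str) -> str:
    """Classify one stored credential value for a database review."""
    try:
        rec = parse_bcrypt(stored)
    except ValueError:
        return "not-bcrypt"  # e.g. plaintext or an unsalted fast hash
    return "ok" if rec.cost >= MIN_COST else "weak-cost"


if __name__ == "__main__":
    print(parse_bcrypt(PAGE_HASH), audit(PAGE_HASH))
```

The cost and salt are stored in the clear next to the digest by design, so a verifier can recompute the hash; only the password itself is not recoverable from the row.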
