Hello everyone, and sorry for the complete lack of updates lately.
I am working on a new sidebar widget called subscribe by e-mail, which should be released by next week.
Among other things going on around here, I have made some security changes too.
Here’s the problem I’m running into lately.
These indicate that the server is secure and is who it says it is. This is achieved by signing the webpage with an SSL Certificate.
However, our hosting provider (not saying who) only allows people on our plan to purchase their SSL certificate, instead of installing one from a different company.
So, because we won’t pay for anything else the provider has to offer, we cannot guarantee your passwords won’t be intercepted. But they are certainly stored securely. I read a blog post that states that companies should publish the password algorithm that they use beforehand. So here it is:
8-layer MD5 hashing, with salt
This doesn’t give away your passwords, which I will explain next. So, what does this mean? Well, hashing is kind of what it sounds like: put it on the grater and mix it up so that it cannot be reassembled. Layered hashing is hashing again and again, cutting it into more, smaller pieces. Salting is adding a few numbers at the beginning to mix it up. For example, this is my password’s hash, and it cannot be reassembled 8 times: it would take an eternity with today’s computer power!
I cannot read your passwords, because they aren’t in plain text!
This is just an example of the security that WordPress gives us by default. Rest assured your passwords are perfectly safe.
Oh, and for the more technologically minded, that blog post can be found on Troy Hunt’s website.
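To make the three ingredients above (hash, layers, salt) concrete, here is an added example in Python; it is not this site's or WordPress's actual code. The function names, the way the salt is mixed into each layer, and the PBKDF2 iteration count are assumptions made for illustration, and the last function shows the same ingredients in the standard library's PBKDF2 with a much larger layer count for comparison.

```python
import hashlib
import hmac
import os

ROUNDS = 8                   # the post's "8-layer"
PBKDF2_ITERATIONS = 100_000  # constructed value for the comparison below


def layered_md5(password, salt, rounds=ROUNDS):
    # Assumed construction: salt goes in front, and again on every layer.
    digest = hashlib.md5(salt + password.encode("utf-8")).digest()
    for _ in range(rounds - 1):
        digest = hashlib.md5(salt + digest).digest()
    return digest.hex()


def make_record(password, salt=None):
    # What the database keeps: salt, layer count and hash, never the password.
    salt = os.urandom(8) if salt is None else salt
    return {"salt": salt.hex(), "rounds": ROUNDS,
            "hash": layered_md5(password, salt)}


def verify(password, record):
    # Login check: redo the same hashing and compare in constant time.
    salt = bytes.fromhex(record["salt"])
    candidate = layered_md5(password, salt, record["rounds"])
    return hmac.compare_digest(candidate, record["hash"])


def pbkdf2_record(password, salt=None, iterations=PBKDF2_ITERATIONS):
    # Same ingredients, but a purpose-built key-derivation function where
    # the layer count is a tunable work factor.
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "rounds": iterations, "hash": dk.hex()}


if __name__ == "__main__":
    a = make_record("correct horse")   # constructed sample password
    b = make_record("correct horse")   # same password, fresh salt
    print(a["hash"], b["hash"])        # different hashes for the same password
    print(verify("correct horse", a), verify("wrong horse", a))
    print(pbkdf2_record("correct horse")["hash"])
```

Two users with the same password get different stored hashes because each record has its own random salt, and the stored record alone is enough to check a login without ever keeping the password itself.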
Update 1: Yeah, forgot to mention, we’re trying to get together for another Thornton Twins Podcast.
Update 2: We now support OpenID registration and login, so your password isn’t even seen by us! Log in to By Jim Thornton to find out more.