FlyerTalk Forums - View Single Post - FlyerTalk Website security
May 21, 2013 | 8:11 pm
  #10  
IBxAnders
Administrator
 
Join Date: Apr 2008
Location: Los Angeles, CA
Programs: SPG
Posts: 607

Originally Posted by jackal
Different issue.

You're talking about salting the database the passwords are stored in on your servers.

NameCoin is talking about the hash of the password as it is sent from our browsers to your servers during the login process--and he proved that it was easily broken.

If you are on a network that has been compromised and packets are actively being sniffed - then yes, a hacker can absolutely intercept and decode a password, not only for FlyerTalk - but almost every forum and other web app.

We are not currently planning on putting the entire site behind an HTTPS proxy, nor re-writing core vBulletin components for additional encryption. While the perceived threat is real if some conditions are met, the use-case is not direct and I do not think it presents a danger.