On Sat, January 19, 2008 8:24 pm, Eric Butera wrote:
> I always make sure that I use a site specific salt which is just
> appended on the user supplied value. I started doing that when I read
> that people had created huge databases of hashed values that they can
> just search on. At least this way, no matter what, the password isn't a
> dictionary word. As for whether that really adds value in the end, I can't
> say as I'm not really a security expert.
>
> E.g. hash('sha256', $input.$salt);

The Bad Guys create humongous databases of every dictionary word with
every possible salt... So what salt you use does not matter...
So I don't think you are really adding any extra security here...
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?
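
The hashing scheme from the quoted message next to a per-account salted variant and PHP's built-in `password_hash()`, as an added example that is not part of either post. It assumes PHP 7 or later; the constant, function names and sample passwords are constructed for illustration.

```php
<?php
// Added example (PHP 7+). All names and sample values are constructed.
const SITE_SALT = 'example-site-salt';

// Scheme from the quoted message: one salt shared by every account.
function site_salt_hash(string $password): string
{
    return hash('sha256', $password . SITE_SALT);
}

// Variant with a random salt per account, stored beside the digest.
function per_user_hash(string $password): array
{
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => hash('sha256', $password . $salt)];
}

function per_user_verify(string $password, array $record): bool
{
    $candidate = hash('sha256', $password . $record['salt']);
    return hash_equals($record['hash'], $candidate); // constant-time compare
}

// Two constructed accounts that happen to share a password.
$alice = per_user_hash('sunshine');
$bob   = per_user_hash('sunshine');

// Site-wide salt: equal passwords give equal digests, so one table
// computed for SITE_SALT applies to every row in the user table.
var_dump(site_salt_hash('sunshine') === site_salt_hash('sunshine'));

// Per-account salt: the same password yields unrelated digests, and a
// precomputed table would have to be rebuilt for each stored salt.
var_dump($alice['hash'] === $bob['hash']);
var_dump(per_user_verify('sunshine', $alice));
var_dump(per_user_verify('Sunshine', $alice));

// PHP's built-in API generates the salt itself and uses a deliberately
// slow algorithm instead of a single SHA-256 pass.
$stored = password_hash('sunshine', PASSWORD_DEFAULT);
var_dump(password_verify('sunshine', $stored));
var_dump($stored === password_hash('sunshine', PASSWORD_DEFAULT));
```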