On Dec 31, 2008, at 5:36 AM, Richard Heyes wrote:
Hi,
...
You should also take into account how crucial your data is. If it's
nuclear launch codes I would say that you can't get enough security.
However if it's an admin system for Bob's local grocery store, then as
"Phpster" suggested, a salted hash may well be enough. For example,
you could use this:
<?php
$hash = md5($password . 'salt - bhuyfuyftyfctujvikhgvbhjiftye5645rt68ty97tgifyvcu6yt7d');
?>
Correct me if I'm wrong... but assuming that your salt string is hard
coded into the program, with MD5 a password + salt is no more
secure than a simple password?
Unless... When they log in, you store an MD5 hash of the salt in a
separate field in the database, and store it in a cookie so it can
be compared.
Or am I just missing something obvious like usual? :)
--
Jason Pruim
japruim@xxxxxxxxxx
616.399.2355
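
An added example, not code from either poster: it contrasts the hard-coded-salt scheme quoted above with a per-user salt stored beside the hash, and with PHP's built-in password_hash(). The salt constant, function names, user names and passwords are constructed for illustration, and storing the salt itself in the record is an assumption of this sketch.

```php
<?php
// Placeholder salt, NOT the string from the post.
const SITE_SALT = 'example-hard-coded-salt';

// Scheme from the thread: one salt compiled into the program.
function hash_fixed_salt(string $password): string
{
    return md5($password . SITE_SALT);
}

// Per-user salt: random value created at registration, kept beside the hash.
function hash_per_user_salt(string $password): array
{
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => md5($password . $salt)];
}

function verify_per_user_salt(string $password, array $record): bool
{
    // hash_equals() compares in constant time.
    return hash_equals($record['hash'], md5($password . $record['salt']));
}

// Constructed sample: two accounts that picked the same password.
$users = ['alice' => 'letmein', 'bob' => 'letmein'];

// Fixed salt: equal passwords give equal hashes, so the stored column
// reveals password reuse and one guess covers every matching row.
foreach ($users as $name => $pw) {
    printf("%-6s fixed salt    %s\n", $name, hash_fixed_salt($pw));
}

// Per-user salt: the same password is stored as a different hash per row.
$records = [];
foreach ($users as $name => $pw) {
    $records[$name] = hash_per_user_salt($pw);
    printf("%-6s per-user salt %s\n", $name, $records[$name]['hash']);
}
var_dump($records['alice']['hash'] === $records['bob']['hash']);
var_dump(verify_per_user_salt('letmein', $records['alice']));
var_dump(verify_per_user_salt('wrong-guess', $records['alice']));

// password_hash() (PHP 5.5+) generates the salt itself and uses a
// deliberately slow algorithm; the salt is embedded in the result.
$stored = password_hash('letmein', PASSWORD_DEFAULT);
var_dump(password_verify('letmein', $stored));
?>
```

Run with the PHP 7.1+ command-line interpreter; the per-user hashes differ on every run because the salts are random.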