On 28.07.2011 11:13, John Black wrote:
This approach makes it impractical to bruteforce the hash because every
single test will have to run md5() 3000 times before it can validate a
single hash.
--
John
I am sorry, I made a mistake here, 3000 times is not enough for this.
The actual code for the md5 portion looks like this:
$this->hash_rounds['md5'] = 3000;
for( $x=0 ; $x < $this->hash_rounds['md5'] ; ++$x)
{
$hash = md5($salt.md5($salt.$hash).md5($hash.$salt));
}
--
John
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
