On Friday, 27 November 2015 at 00:50:25 UTC, brian wrote:
Thanks for the blatant faux pas.
I wasn't going to use MD5, I just meant "hash it somehow",
which was not apparent from my question. My bad.
Algorithm aside, the rest of that approach seems sensible then?
The hash implementation was probably going to be a part 2 of
this question.
I'd use dcrypt (https://github.com/puzzlehawk/dcrypt) to keep
all the d-goodness, but according to the author, that's not
"production ready" yet.
In lieu of that, I'll have a gander at those libraries you
mentioned.
Yea. I've used bcrypt a few times; it's usually just using the
hash function to hash the passwords, then the check function to
check them, and that's it (bcrypt stores the salt along with the
password).
I don't know if I'd trust dcrypt yet. No offence to the authors,
but I doubt that it has gone through the review that more popular
C libraries have.
