On Fri, Nov 27, 2015 at 02:51:30PM +0000, Adam D. Ruppe via Digitalmars-d-learn wrote:
> On Friday, 27 November 2015 at 07:46:33 UTC, H. S. Teoh wrote:
> >1) The server stores password01 in the user database.
>
> I still wouldn't actually store this, hash it anyway and use that as
> the new "password".

True, so you'd store hash(password01) in the database, and compute
hash(X + hash(password)) during authentication.


T

-- 
It is of the new things that men tire --- of fashions and proposals and improvements and change. It is the old things that startle and intoxicate. It is the old things that are young. -- G.K. Chesterton