> Or use the username or email itself as the salt. So you won't have to > store the salt. This is secure enough.
This makes alot of sense to me. If the salt is stored in plain text anyway, and always unique, does it really matter if it's a random string or not? I quite liked the idea of using the registration timestamp as the salt. Thanks for tips people. Aaron --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
