Hi Karl, > Just strikes me as 100% absurdly simple to do, and 100% impossible > to break... never need to worry about who finds your code and tries > to reverse things, etc. The whole 'salting' thing strikes me as a > pointless storm in a teacup really. No overhead on the database, no > extra tables to piss around with, no need to do anything more than: > > If that doesn't beat all this salting hassle... I dunno what does!
Ok, I'll bite... How is double md5 hashing your string any more secure than hashing it once? Other than your attacker having to compare your database with a double hashed rainbow table instead of a single hashed table of course (which would be trivial)... It strikes me you've just increased your chance of hash collisions for no significant increase in security. Kind regards, James McGlinn __________________________________ CTO Eventfinder Limited Suite 106, Heards Building 2 Ruskin Street, Parnell, Auckland 1052 Phone: +649 365 2342 Mobile: +6421 633 234 [EMAIL PROTECTED] | www.eventfinder.co.nz --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
