so we'll just end it
here. Hopefully this has cleared up a few things, or at least been somewhat
informative for at least a few on this list.
Jordan Frank
eBusiness Applications
www.ebusinessapplications.ca
[EMAIL PROTECTED]
PS: Can we please try to have even just one discussion about securi
ever, if it's feasible for your application. But the
question was asking about salts, it wasn't asking for a recommendation on
the entire authentication infrastructure. Even if it was, there was not
enough information given about the application for anyone to just say "use
Also, don't
have a TTL for the nonce; just only ever use it once and have a short
timeout for the entire login procedure. If in doubt, it's better to just
generate a new nonce than to allow for a tiny window in which a replay
attack could occur. You follow?
If you have any more questions I'
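
The nonce handling advised in the message above (use each nonce once, no per-nonce TTL, a short timeout on the whole login procedure), as an added example that is not part of the original email. The `LoginChallenges` class, the 30-second timeout, and the HMAC-SHA256 response scheme are assumptions made for illustration; `stored_key` stands for whatever per-user secret the server keeps.

```python
import hashlib
import hmac
import secrets
import time

LOGIN_TIMEOUT = 30.0  # seconds allowed for the whole login procedure (assumed value)


def client_response(stored_key, nonce):
    """Assumed response scheme: HMAC-SHA256 of the nonce under the stored key."""
    return hmac.new(stored_key, nonce.encode(), hashlib.sha256).hexdigest()


class LoginChallenges:
    """Server-side record of login procedures in progress (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # nonce -> (username, time the login procedure started)

    def issue(self, username):
        """Start a login procedure and return a fresh nonce for it."""
        now = self._clock()
        # Forget login procedures that were abandoned and have timed out.
        self._pending = {n: e for n, e in self._pending.items()
                         if now - e[1] <= LOGIN_TIMEOUT}
        nonce = secrets.token_hex(16)
        self._pending[nonce] = (username, now)
        return nonce

    def verify(self, username, nonce, response, stored_key):
        """Check a response. The nonce is spent whatever the outcome."""
        # Remove the nonce before any other check, so a second submission
        # of the same nonce never reaches the comparison below.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False  # unknown or already used nonce: treat as a replay
        owner, started = entry
        if owner != username or self._clock() - started > LOGIN_TIMEOUT:
            return False  # wrong account, or the login procedure took too long
        expected = client_response(stored_key, nonce)
        return hmac.compare_digest(expected, response)
```

A failed or late attempt also spends the nonce, so the client has to request a new one before retrying.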