On Wed, 2008-01-23 at 00:40 -0500, Nathan Nobbe wrote:
> alright, so you guys have responded and im really appreciative.
> you have me thinking now..
> so what are the real issues here?
>
>1. portability
>2. security (obviously)
>
> im wondering now if crypt() is really even so practical
alright, so you guys have responded and im really appreciative.
you have me thinking now..
so what are the real issues here?
1. portability
2. security (obviously)
im wondering now if crypt() is really even so practical. especially
considering the deal where only 2 characters are prepended
Richard Lynch wrote:
On Tue, January 22, 2008 7:43 pm, Chris wrote:
Richard Lynch wrote:
On Sat, January 19, 2008 8:24 pm, Eric Butera wrote:
I always make sure that I use a site specific salt which is just
appended on the user supplied value. I started doing that when I
read
that people had
On Tue, January 22, 2008 7:43 pm, Chris wrote:
> Richard Lynch wrote:
>> On Sat, January 19, 2008 8:24 pm, Eric Butera wrote:
>>> I always make sure that I use a site specific salt which is just
>>> appended on the user supplied value. I started doing that when I
>>> read
>>> that people had cre
Richard Lynch wrote:
On Sat, January 19, 2008 8:24 pm, Eric Butera wrote:
I always make sure that I use a site specific salt which is just
appended on the user supplied value. I started doing that when I read
that people had created huge databases of hashed values that they can
just search on.
On Sat, January 19, 2008 8:24 pm, Eric Butera wrote:
> I always make sure that I use a site specific salt which is just
> appended on the user supplied value. I started doing that when I read
> that people had created huge databases of hashed values that they can
> just search on. At least this w
On Sat, January 19, 2008 2:11 pm, Nathan Nobbe wrote:
> http://www.php.net/manual/en/function.crypt.php
> has a second parameter, $salt, which, if not supplied will be
> automatically
> generated and presumably become a prefix or suffix of the returned
> string.
Or, in some algorithms, gets buried
Nathan Nobbe wrote:
hi all,
recently ive been debating a bit about the use of the crypt() function and
the best practice thereof, im hoping you can help to clarify this for me.
so, the crypt function
http://www.php.net/manual/en/function.crypt.php
has a second parameter, $salt, which, if not su
On Mon, 2008-01-21 at 14:37 -0500, Mike Potter wrote:
>
> You should have said "yes" and quit while you thought you were ahead.
I'm not trying to get "ahead"... I didn't know I was competing. Are we
competing? I thought I was just answering posts.
> > that was me saying that there is certainly a
My apologies Robert, Gmail sucks. I'm bouncing this back to the list, where it
belonged in the first place. Feel free to make corrections if I've
mischaracterized
what you wrote. Good luck with that, btw, but don't expect me to engage.
Robert Cummings wrote:
>>> And THAT does remind me of my MUD
On Sat, 2008-01-19 at 23:17 -0500, Nathan Nobbe wrote:
> thanks for the great responses guys.
> i guess what im really getting at though is, if crypt() will embed
> a salt in the value it returns automatically, is there any benefit to
> creating a salt to pass to the second argument and storing tha
thanks for the great responses guys.
i guess what im really getting at though is, if crypt() will embed
a salt in the value it returns automatically, is there any benefit to
creating a salt to pass to the second argument and storing that
as well?
conceivably, passwords already have a salt using the
> -Original Message-
> From: Eric Butera [mailto:[EMAIL PROTECTED]
> Sent: Sunday, January 20, 2008 12:24 AM
> To: Jochem Maas
> Cc: Nathan Nobbe; PHP General List
> Subject: Re: [PHP] password hashing and crypt()
>
> On Jan 19, 2008 8:02 PM, Jochem Maas &
On Jan 19, 2008 8:02 PM, Jochem Maas <[EMAIL PROTECTED]> wrote:
> Nathan Nobbe schreef:
> > hi all,
> >
> > recently ive been debating a bit about the use of the crypt() function and
> > the best practice thereof, im hoping you can help to clarify this for me.
> >
> > so, the crypt function
> > htt
Nathan Nobbe schreef:
hi all,
recently ive been debating a bit about the use of the crypt() function and
the best practice thereof, im hoping you can help to clarify this for me.
so, the crypt function
http://www.php.net/manual/en/function.crypt.php
has a second parameter, $salt, which, if not
hi all,
recently ive been debating a bit about the use of the crypt() function and
the best practice thereof, im hoping you can help to clarify this for me.
so, the crypt function
http://www.php.net/manual/en/function.crypt.php
has a second parameter, $salt, which, if not supplied will be automat
16 matches
Mail list logo
