Re: [Repoze-dev] JS Hashing - Initial Thoughts

2009-05-13 Thread Shane Hathaway
Paul Johnston wrote: By default, passwords are stored in the database without a salt. Usual practice is to use a salt, to make things harder for an attacker, just in case your password database is captured. The scheme I favor is storing hmac_sha1(hmac_sha1(master_salt, user_name), password).
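The storage scheme named in the message above, as an added example that is not code from the thread or from repoze. It assumes the first argument of `hmac_sha1` is the HMAC key and the second the message; `MASTER_SALT` and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample value (assumption); a deployment would keep this
# secret outside the password database.
MASTER_SALT = b"constructed-master-salt-for-demo"


def _hmac_sha1(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()


def user_salt(user_name: str) -> bytes:
    """Inner step: hmac_sha1(master_salt, user_name).

    The per-user salt is derived, so no salt column is stored.
    """
    return _hmac_sha1(MASTER_SALT, user_name.encode("utf-8"))


def stored_hash(user_name: str, password: str) -> str:
    """Outer step: hmac_sha1(user_salt, password), hex-encoded for the DB."""
    return _hmac_sha1(user_salt(user_name), password.encode("utf-8")).hex()


def verify(user_name: str, password: str, stored: str) -> bool:
    """Recompute the value and compare in constant time."""
    return hmac.compare_digest(stored_hash(user_name, password), stored)


def demo() -> dict:
    # Constructed accounts sharing one password: the stored values differ,
    # so a captured table does not reveal which users chose the same password.
    return {name: stored_hash(name, "hunter2") for name in ("alice", "bob")}


if __name__ == "__main__":
    table = demo()
    for name, value in table.items():
        print(name, value)
    # A row copied onto another account does not verify there.
    print(verify("bob", "hunter2", table["alice"]))
```

Because the salt is derived from the user name, renaming an account invalidates its stored value until the password is supplied again. HMAC-SHA1 is fast to compute, so the construction gives per-user uniqueness but no work factor.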

[Repoze-dev] JS Hashing - Initial Thoughts

2009-05-12 Thread Paul Johnston
Hi, Ok, I've had a little look at how I could implement the JavaScript hash login. I'll create a HashFormPlugin that is a challenger and an identifier. As for the Authenticator, maybe I'll create a new SQLHashAuthenticatorPlugin, or maybe I'll just provide a default_hash_compare function to pass