Very good point, store the randomly generated salt in a user record next to their salted hashed password. Definitely adds more time to resolving passwords when they have to try hashing with salts. Makes static lookup tables (like rainbow) much harder to use.
-Mark

-----Original Message-----
From: Justin Mclean [mailto:jus...@classsoftware.com]

Hi,

> it would be better if you did a one way hash on the client and stored hashed
> value in a database

+1 and another +1 if you salt that hash.

However using a modern GPU it's possible to check about 100 million MD5 hashes a second so it's becoming less and less secure.

Justin
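
The scheme discussed in this thread, as an added example that is not from either poster: a random per-user salt stored in the user record next to the hash. Because of the GPU speed of MD5 mentioned above, the sketch swaps in PBKDF2-HMAC-SHA256 from Python's standard library; the record field names, the iteration count and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware
SALT_BYTES = 16


def make_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Build the fields kept in the user record: salt, iterations, hash."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def unsalted_md5(password: str) -> str:
    """Weak baseline: the same password always gives the same digest,
    which is what makes a static lookup table usable."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    alice = make_record("correct horse")
    bob = make_record("correct horse")
    same_md5 = unsalted_md5("correct horse") == unsalted_md5("correct horse")
    print("unsalted MD5 digests equal:", same_md5)
    print("salted records equal:      ", alice["hash"] == bob["hash"])
    print("alice verifies:            ", verify("correct horse", alice))
    print("wrong password verifies:   ", verify("wrong", alice))
```

Storing the iteration count in the record lets the work factor be raised later without invalidating existing hashes.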