Previously Dan Korostelev wrote: > Yeah, that's definetely a mistake! The hash needs to be generated > using both salt and password. > > Also, I saw a technique when you generate a hash using double hashing, > like this: sha(sha(password) + salt).hexdigest(). It looks even more > secure :)
Why would it make things more secure? Wichert. -- Wichert Akkerman <[email protected]> It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. _______________________________________________ Zope-Dev maillist - [email protected] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
