04-28-2008, 03:36 PM   #26
blayne4k

Quote:
Originally Posted by Mathew
For my projects I use a combination of 2 salts (1 Static, 1 Dynamic). When a user registers to my website the backend will generate a random salt key for each user. Even if 2 different users register to my website with the same password, the resulting hash will be different.

So if the database was ever hacked or stolen, they would be missing the static salt key, thus it would prove to be impossible for them to brute-force any of the passwords.

However, I'll touch wood, just in case.

They could still brute-force it, but they would need the salt in order to get it. They would see $password.$salt, and they could just start taking things off and see what happens. Even though I'm sure nobody is stupid enough to just take the database without looking at the files. There is always something important there.
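Added example, not code from either poster: a sketch of the static-plus-dynamic salt scheme discussed above, showing that the static salt only protects a stolen database while the application files stay private. The names `STATIC_SALT`, `ITERATIONS`, `register` and `verify` are hypothetical, and PBKDF2 with HMAC is an assumed choice in place of the `$password.$salt` concatenation mentioned in the reply.

```python
import hashlib
import hmac
import os

# Constructed sample value. The static salt lives in config or the
# environment on the application server, never in the database.
STATIC_SALT = b"constructed-static-salt-for-demo"
ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def hash_password(password: str, dynamic_salt: bytes,
                  static_salt: bytes = STATIC_SALT) -> bytes:
    # Mix in the static salt with HMAC instead of bare concatenation, then
    # stretch with the per-user salt so every guess costs ITERATIONS rounds.
    keyed = hmac.new(static_salt, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, dynamic_salt, ITERATIONS)


def register(password: str) -> dict:
    # Fresh random salt per user, stored beside the hash in the user row.
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def verify(password: str, row: dict, static_salt: bytes = STATIC_SALT) -> bool:
    candidate = hash_password(password, row["salt"], static_salt)
    return hmac.compare_digest(candidate, row["hash"])


def demo() -> dict:
    alice = register("hunter2")  # constructed sample passwords
    bob = register("hunter2")
    return {
        # Same password, different per-user salts: the stored hashes differ.
        "same_password_same_hash": alice["hash"] == bob["hash"],
        "login_ok": verify("hunter2", alice),
        "wrong_password": verify("hunter3", alice),
        # Database copy alone: the right guess fails without the static salt.
        "db_only_guess": verify("hunter2", alice, static_salt=b"unknown"),
        # Database plus application files: guesses can be checked again,
        # so only the work factor and password strength slow the search.
        "db_and_files_guess": verify("hunter2", alice, static_salt=STATIC_SALT),
    }


if __name__ == "__main__":
    print(demo())
```

Keeping the static salt out of the web root and out of backups that travel with the database is what preserves the "database only" case.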