How do big companies like VB store passwords?
View Single Post
04-28-2008, 03:36 PM
Join Date: Apr 2008
Location: Trapped in my own little world.
Originally Posted by
For my projects I use a combination of 2 salts (1 Static, 1 Dynamic). When a user registers to my website the backend will generate a random salt key for each user. Even if 2 different users register to my website with the same password, the resulting hash will be different.
So if the database was ever hacked or stolen, they would be missing the static salt key, thus it would prove to be impossible for them to bruteforce any of the passwords.
However I'll touch wood, just incase.
they could still brute force it, but they would need the salt in order to get it, they would see $password.$salt they could just start taking things off and see what happens. Even tho im sure nobody is stupid enough to just take the database without looking at the files. There is always something important there.
Icon Rush - Create and Animate Icons
View Public Profile
Send a private message to blayne4k
Find More Posts by blayne4k