06-25-2008, 11:44 PM
You would first need a unique identifier for the user. Then I would try and design some type of algorithm that will return the exact same value when passing that identifier to the user.
Personally, I think a salt for each user is a little overboard. I use a salt in my passwords as well, but it is just one constant for everyone.
IE
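PHP Code:
function md5Password($password) {
    // Site-wide salt. Single-quoted so PHP does not expand $bSvCHb and $E__ as variables.
    $salt = '¤G,~\YUV_M-a\'~$bSvCHb{p)qOp!04B5f2$E__\'4-r?%+f\9G1@';
    // Prepend the salt and return the MD5 hex digest.
    return md5($salt . $password);
}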
Dictionary attacks are no longer a problem. The only attack you would be looking at now is a random character generator. This is why you block access to the login function of your site after 5 or so attempts and failed passwords within so much time :)
Also, be mindful not to change the salt. If you do, everyone's passwords will no longer work.
Also keep in mind you will need this whenever a user registers or sets a new password as well as logging in! :)
__________________
There are No Stupid Questions. But there are a LOT of Inquisitive Idiots.
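An added example, not part of the post above and not the poster's code: it contrasts the post's single constant salt with a per-user salt, using PHP's built-in password_hash() and password_verify(). The account names, passwords, SITE_SALT value and helper function names are constructed for illustration.

```php
<?php
// Added illustration. All names and sample data below are constructed.

// Site-wide constant salt, same construction as md5Password() in the post.
const SITE_SALT = 'constructed-site-wide-salt'; // placeholder value

function constantSaltHash(string $password): string {
    return md5(SITE_SALT . $password);
}

// Per-user salt: password_hash() draws a fresh random salt on every call and
// stores it, with the algorithm and cost, inside the returned string.
function perUserSaltHash(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

// Group users by stored hash; any group larger than one reveals that those
// accounts share a password to anyone who can read the hash column.
function sharedHashes(array $stored): array {
    $groups = [];
    foreach ($stored as $user => $hash) {
        $groups[$hash][] = $user;
    }
    return array_values(array_filter($groups, fn($users) => count($users) > 1));
}

// Constructed sample accounts; alice and carol picked the same password.
$accounts = ['alice' => 'sunshine1', 'bob' => 'k7#Vq2!x', 'carol' => 'sunshine1'];

$constant = array_map('constantSaltHash', $accounts);
$perUser  = array_map('perUserSaltHash', $accounts);

echo "constant salt, users sharing a hash: ",
     json_encode(sharedHashes($constant)), "\n";
echo "per-user salt, users sharing a hash: ",
     json_encode(sharedHashes($perUser)), "\n";

// Login check: password_verify() re-reads the salt from the stored string,
// so no separate salt column or per-user derivation routine is needed.
var_dump(password_verify('sunshine1', $perUser['carol']));
var_dump(password_verify('sunshine1', $perUser['bob']));
```

With the constant salt, alice and carol end up with the same stored value; with password_hash() every stored value is distinct even for identical passwords.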