06-25-2008, 11:12 PM
Also, be mindful not to change the salt. If you do, everyone's passwords will no longer work.
Another good reason to read Wildhoney's dynamic salt articles. I originally used a static salt with my encryption, and ran into this problem - if I wanted to change the salt, I had to write another routine just to loop through the entire table and rehash everybody's passwords. Easy enough on a test system with 20+ users, not so good on a user base of 1,000-20,000 (pretty darn easy to reach on some of today's sites).
When I switched it to a dynamic salt this became a moot point. When the user changes their password, a new salt is created; if they forget their password and need a new one emailed to them, a new salt is created, and so on and so forth. So everybody has their own dynamically created, self-updating salt. Makes the system more secure, and ironically simpler.
The Following User Says Thank You to delayedinsanity For This Useful Post:
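The per-user salt scheme described in the post above, as an added example that is not part of the original post or of Wildhoney's articles. The `UserStore` class, the in-memory table, PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware
SALT_BYTES = 16


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash of the password (PBKDF2 is this example's choice)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class UserStore:
    """In-memory stand-in for a users table: username -> (salt, digest)."""

    def __init__(self):
        self.rows = {}

    def set_password(self, username: str, password: str) -> None:
        # A fresh random salt on every password change: the salt lives in the
        # user's own row, so there is never a table-wide rehash.
        salt = secrets.token_bytes(SALT_BYTES)
        self.rows[username] = (salt, derive(password, salt))

    def reset_password(self, username: str) -> str:
        # Forgotten-password flow: new temporary password, and therefore new salt.
        temporary = secrets.token_urlsafe(12)
        self.set_password(username, temporary)
        return temporary

    def verify(self, username: str, password: str) -> bool:
        # Unknown users still pay for one derivation, then fail the comparison.
        salt, stored = self.rows.get(username, (b"\x00" * SALT_BYTES, b""))
        return hmac.compare_digest(stored, derive(password, salt))


def demo() -> dict:
    """Constructed sample users showing what the per-user salt buys."""
    store = UserStore()
    store.set_password("alice", "correct horse")
    store.set_password("bob", "correct horse")  # same password as alice
    old_salt = store.rows["alice"][0]
    store.set_password("alice", "new passphrase")
    return {
        "same_password_same_digest": store.rows["bob"][1] == derive("correct horse", old_salt),
        "salt_rotated": store.rows["alice"][0] != old_salt,
        "old_password_rejected": not store.verify("alice", "correct horse"),
        "bob_unaffected": store.verify("bob", "correct horse"),
    }
```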