Whats wrong with storing your salt in DB?
View Single Post
11-17-2007, 01:03 PM
Join Date: Sep 2007
My salt is 7 characters salt stored in DB and in the password row, the password is md5 of salt and the password.
The salt is randomly generated, either when the user is created or if the user changes the password.
However, if the hacker has access to my MySQL server, he can modify the salt and regenerate the password field with md5 hash generators that is
if he knew how I generate the passwords within the code.
Edit: Adam is it good practice to use more than 1 salt ?
Last edited by Haris : 11-17-2007 at
View Public Profile
Send a private message to Haris
Find More Posts by Haris