> That's not the most earth-shattering way of doing things, but it should slow down any script-kiddie that gets the password file; he will have to append the username to every password try on every different table row. It also makes the salt different for each user, but is easier to maintain than a random number (or even a well-known hard-coded number) for each one.

I use both: the password plus the username plus some fixed random salt from the config file. It's trivial to pull something out of the config file with ConfigurationSettings.AppSettings.

You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
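
An added example, not part of the original thread or any poster's code: the combination described in the reply above (password, username and a fixed salt from the config file), written in C#. PBKDF2-SHA256, the iteration count, the class and method names and the sample values are assumptions, since the thread does not name a hash function; the site salt is passed in as a parameter where the post reads it through ConfigurationSettings.AppSettings.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class UsernameSaltedHash
{
    // Assumption: PBKDF2-SHA256; the thread does not name a hash function.
    const int Iterations = 100_000;
    const int HashBytes = 32;

    // siteSalt is the fixed value kept in the config file.
    public static byte[] Hash(string username, string password, string siteSalt)
    {
        // Normalise the username so "Alice" and "alice" derive the same salt.
        string user = username.Trim().ToLowerInvariant();
        // Salt and password stay separate inputs to the KDF, so pairs such as
        // ("ab", "c") and ("a", "bc") cannot collapse into one concatenated string.
        byte[] salt = Encoding.UTF8.GetBytes(siteSalt + ":" + user);
        return Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                         HashAlgorithmName.SHA256, HashBytes);
    }

    public static bool Verify(string username, string password,
                              string siteSalt, byte[] stored)
    {
        byte[] candidate = Hash(username, password, siteSalt);
        // Constant-time comparison of the derived bytes.
        return CryptographicOperations.FixedTimeEquals(candidate, stored);
    }

    static void Main()
    {
        // Constructed sample values, not taken from the thread.
        string siteSalt = "constructed-site-salt-3f9c1a";
        byte[] alice = Hash("alice", "hunter2", siteSalt);
        byte[] bob = Hash("bob", "hunter2", siteSalt);

        // Two users sharing a password: compare their stored hashes.
        Console.WriteLine(Convert.ToBase64String(alice) == Convert.ToBase64String(bob));
        // Correct password with different username casing, then a wrong password.
        Console.WriteLine(Verify("Alice", "hunter2", siteSalt, alice));
        Console.WriteLine(Verify("alice", "hunter3", siteSalt, alice));
        // Renamed account: the salt changes with the username, so the stored
        // hash has to be recomputed from the password after a rename.
        Console.WriteLine(Verify("alice2", "hunter2", siteSalt, alice));
    }
}
```

Because the username is part of the salt, an account rename and any change to the config value both require the password to rebuild the stored hash.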
