Hi, I've been using Auth in a website under development and it seems to be working fine. The only potential concern I have is that it uses the 'salt' for generating the encrypted password, and obviously to check it against the provided password during login.
My question is:

- Isn't md5 an irreversible (technically) algorithm?
- Is it really necessary to use the salt as part of the key that's used for encryption using md5? Would that make it harder to crack the password?
- Is it a good practice to change the salt once in a while, or is it supposed to stay the same? What happens if the salt in the website changes, would no user be able to log in again?

As you might have guessed, cryptography isn't really my thing, and hence I'd appreciate it if anyone could shed some light on these.

Cheers,
