The PHP Security Consortium has an article on password hashing, including using salt. http://phpsec.org/articles/2005/password-hashing.html
On Fri, Oct 21, 2011 at 1:49 PM, Nate <[email protected]> wrote:
> MD5 is only one way. It cannot be reversed... However, it has been
> "cracked" and is considered insecure by itself.
>
> Why? Rainbow tables have billions of hashes. They contain any and
> every password combination you can come up with. All an attacker has
> to do is take an MD5 hash and compare it to what's in a rainbow table
> - and that table will show you the original value (a password).
>
> Here's a great analogy I learned:
> You're a chef and you make spaghetti and sauce. You serve the meal to
> 5 people. Those 5 people then add salt to their spaghetti. No matter
> how hard you try, you will never re-create their modification to the
> meal. You don't know how much or how little they put on.
>
> Hope that kinda clears things up :)
>
> --
> Our newest site for the community: CakePHP Video Tutorials
> http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help
> others with their CakePHP related questions.
>
> To unsubscribe from this group, send email to
> [email protected] For more options, visit this group
> at http://groups.google.com/group/cake-php
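The rainbow-table and salt point discussed in this thread, as an added PHP example that is not part of the original messages: a small precomputed lookup table stands in for a rainbow table, and the same password is hashed with and without a per-user salt. The function names `build_lookup` and `salted_record`, the user names and the passwords are constructed for illustration.

```php
<?php
// Added example, not code from the thread.
// All user names and passwords below are constructed sample data.

// A tiny precomputed table (hash => password), standing in for a rainbow table.
function build_lookup(array $candidates): array {
    $table = [];
    foreach ($candidates as $p) {
        $table[md5($p)] = $p;
    }
    return $table;
}

// Per-user random salt, stored beside the hash so login can recompute it.
function salted_record(string $password): array {
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => md5($salt . $password)];
}

$lookup = build_lookup(['123456', 'password', 'letmein', 'qwerty']);

// Two users who happen to choose the same password.
$users = ['alice' => 'letmein', 'bob' => 'letmein'];

foreach ($users as $name => $password) {
    $plain  = md5($password);
    $salted = salted_record($password);

    // Unsalted: both users get the identical hash, and the table has it.
    printf("%-5s unsalted %s -> %s\n", $name, $plain,
        $lookup[$plain] ?? 'not in table');

    // Salted: a different hash per user; a table built without the salt misses.
    printf("%-5s salted   %s -> %s\n", $name, $salted['hash'],
        $lookup[$salted['hash']] ?? 'not in table');
}

// Salt only defeats precomputation. MD5 is still fast to guess against
// one user at a time, so current PHP code should use password_hash(),
// which generates its own salt and uses a deliberately slow algorithm.
$stored = password_hash('letmein', PASSWORD_DEFAULT);
var_dump(password_verify('letmein', $stored));
var_dump(password_verify('wrong-guess', $stored));
```

Running it shows the two unsalted hashes are identical and resolve to the password through the table, while the salted hashes differ per user and are absent from it.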
