This is a general crypto question but not Crypto++ specific so I hope nobody minds (is there a better mailing list for crypto questions?).
When hashing passwords to store in a database for a user login system I've heard many recommendations that you should prepend a salt onto the beginning of the clear-text. Just a couple of questions regarding this: 1. What is the primary reason to do this? 2. Should the salt be different for each user? 3. Do you just store the salt in clear-text with the user record? 4. What length salt would be suitable for most purposes? Thanks. Regards, William Bartholomew Internet Developer Orli-TECH Pty Ltd "Your Innovative e-Business Partner" Web: http://www.orlitech.com.au Email: [EMAIL PROTECTED] Phone: +61 7 3292 0220 Fax: +61 7 3292 0221 Visit our online store http://www.instantit.com.au This electronic communication (including any attached files) may contain confidential and/or legally privileged information and is only intended for the viewing purposes of the person to whom it is addressed. If you are not the intended recipient, you do not have permission to read, use, disseminate, distribute, copy or retain any part of this communication or its attachments in any form. If you receive this email in error, please contact us on +61 7 3292 0222 or by email and delete all copies.
