On Sun, Apr 13, 2008 at 1:52 AM, Josh Team <[EMAIL PROTECTED]> wrote:
> Maybe I am missing something, but doesn't storing the salt in plain text in
> the same row as the user in question defeat a main purpose of a salt in data
> integrity / security if compromised? The only thing you are achieving with
> your salt by storing it in such a way is making the hash value harder to
> decipher over sniffing, which is a small (imo) feature of salting passwords.

I understand now. Using different hash values per password makes it
much harder to brute-force them. Of course, the best way would be to
use both a main salt hash and one for each record.
And Holger: maybe you should use apostrophes around $blowfish, so:

->setCredentialTreatment("MD5(CONCAT(?, '$blowfish'))")

Hope that helps.


Regards,
Ádám
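As an added illustration of the scheme sketched above (not code from the thread or from Zend_Auth): a per-record salt stored in plain text beside the hash, combined with a site-wide secret kept out of the database. PBKDF2-HMAC-SHA256 stands in for the thread's MD5(CONCAT(...)); the secret value, the record layout and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Assumption: the "main salt" lives in application config, never in the DB row,
# so a dump of the users table alone is not enough to start guessing.
SITE_SECRET = b"constructed-site-secret-kept-outside-the-db"
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored hash from password, per-record salt and site secret.

    PBKDF2-HMAC-SHA256 replaces the thread's MD5(CONCAT(?, salt)); the
    structure (secret + per-record salt mixed into the hash) is the same.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               SITE_SECRET + salt, ITERATIONS)


def create_record(password: str) -> dict:
    """Build the row as it would be stored: salt in the clear, hash beside it."""
    salt = os.urandom(16)  # fresh random salt for every record
    return {"salt": salt.hex(), "hash": hash_password(password, salt).hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the row's own salt and compare in constant time."""
    candidate = hash_password(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def hashes_collide(password: str, salt_a: bytes, salt_b: bytes) -> bool:
    """The thread's point: with one shared salt, identical passwords give
    identical hashes (one crack reveals every matching user); with a salt per
    record the hashes diverge even though the salts are stored in plain text."""
    return hash_password(password, salt_a) == hash_password(password, salt_b)
```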
