On 4/16/08, cjant83 <[EMAIL PROTECTED]> wrote:
> Having read some of the posts in this thread I think I'll be changing it
> slightly to include a site wide salt key as well.

I really don't understand some of the methods for salting passwords people are describing in this thread. The methods described in my post are established and accepted practices. If you invent your own thing you're only asking for trouble. In fact, a "site wide salt key" can be stolen as easily as your password database which completely defeats the purpose of salting passwords in the first place since the attacker can compute a dictionary of passwords with your fixed salt.

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
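The difference between a fixed site-wide salt and a random per-account salt, as an added example that is not code from this thread or from any poster. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as the hash; the user names, passwords, salt value and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash from a password and a salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def create_record(password: str) -> dict:
    """Per-account scheme: a fresh random salt stored beside the hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

def verify(password: str, record: dict) -> bool:
    """Recompute with the record's own salt and compare in constant time."""
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])

def guessing_work(records, wordlist_size: int) -> int:
    """Hash computations needed to test a wordlist against every record.
    One pass over the wordlist is needed per distinct salt in the database."""
    return len({r["salt"] for r in records}) * wordlist_size

# Constructed sample data (not from the thread).
SITE_SALT = b"constructed-site-wide-salt"
PASSWORDS = {"alice": "letmein", "bob": "letmein", "carol": "tr0ub4dor"}

def site_wide_db() -> dict:
    """Fixed-salt scheme: every record shares SITE_SALT."""
    return {u: {"salt": SITE_SALT, "hash": hash_password(p, SITE_SALT)}
            for u, p in PASSWORDS.items()}

def per_user_db() -> dict:
    return {u: create_record(p) for u, p in PASSWORDS.items()}

if __name__ == "__main__":
    site, per = site_wide_db(), per_user_db()
    # Same password, same salt: identical hashes reveal the reuse.
    print("site-wide, alice == bob:", site["alice"]["hash"] == site["bob"]["hash"])
    print("per-user,  alice == bob:", per["alice"]["hash"] == per["bob"]["hash"])
    print("work for 1000 words, site-wide:", guessing_work(site.values(), 1000))
    print("work for 1000 words, per-user: ", guessing_work(per.values(), 1000))
```
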
