Hi Eric and all the others who have problems with "salts",

there is no problem with storing your "salts" with your hashed passwords in your db. You can read about that here:
http://phpsec.org/articles/2005/password-hashing.html

There they explain why and how you should use a "salt".

Greetings
Sascha

-----Original Message-----
From: Michael B Allen [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 17, 2008 19:20
To: Eric Marden
Cc: [email protected]
Subject: Re: [fw-general] adding "salt" to logging in and password security

On 4/17/08, Eric Marden <[EMAIL PROTECTED]> wrote:
>
> >> P.S. - I'm not considering storing the salt in the DB as being
> >> properly secured. That's kind of like keeping the key to your house
> >> under the door mat. You can get in, if you know where to look.
>
>
> The UNIX passwd database and LDAP userPassword attribute store the
> salt in plain sight with the password hash.
>
>
> There are ACLs protecting those assets.

There are no ACLs on the UNIX password database and even if there were they wouldn't do any good if the hacker steals the database file(s) (e.g. slapd dbm files).

> Still failing to see your point.

Clearly.
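Added example, not part of the original thread: a Python sketch of the storage model discussed above, where a random per-user salt is kept in the same record as the password hash, much as the UNIX passwd database does. The record layout, the function names and the iteration count are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this example; tune for your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return one storable record: scheme$iterations$salt$digest."""
    if salt is None:
        salt = os.urandom(16)  # random per-user salt; unique, not secret
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([
        "pbkdf2_sha256",
        str(ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the salt read back from the stored record."""
    try:
        scheme, iterations, salt_b64, digest_b64 = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, TypeError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


def demo() -> dict:
    # Constructed sample data: two users who chose the same password.
    alice = hash_password("correct horse")
    bob = hash_password("correct horse")
    return {
        "records_differ": alice != bob,  # salt makes equal passwords hash differently
        "alice_ok": verify_password("correct horse", alice),
        "wrong_rejected": not verify_password("Correct horse", alice),
    }


if __name__ == "__main__":
    print(demo())
```

The salt's job is to make each record unique so that one precomputed table cannot be reused across users; what slows an attacker who has stolen the database file is the cost of the hash function itself.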
