Thanks, I've added the use of salt to my Auth. I added a field passwordSalt to every row of my table. Some of you don't like that, but I did so with what I think gives it a little more flair. I've hardcoded a couple of substr($passwordSalt, y, n) to surround my password, so good luck figuring out how I salted it.
I don't know much about this, but do you think Zend_Auth_Adapter_DbTable should be altered to add

    ->setSalt (pass value or variable used for Salt)
    ->setSaltShaker ( Zend_Auth_Hash::MD5SALT)

where setSaltShaker uses the values in setCredentialColumn and setSalt to build some standard hashing:

    Zend_Auth_Hash::MD5 ............ md5 ( setCredentialColumn() )
    Zend_Auth_Hash::SALTMD5 .... md5( setCredentialColumn() . setSalt() )
    Zend_Auth_Hash::SHA1 .......... sha1( setCredentialColumn() )
    Zend_Auth_Hash::SALTSHA1 ... sha1( setCredentialColumn() . setSalt() )

Take this with a grain of salt as I'm not sure of what I'm suggesting :). A lot of these tools I use without fully understanding them, but then again who fully understands anything. But at the same time I think I'm better for using them. So the easier it is to practice safe computing the better for all of us.

Thanks again for this discussion, it made me a better programmer.

--
View this message in context: http://www.nabble.com/adding-%22salt%22-to-logging-in-and-password-security-tp16646218p16767046.html
Sent from the Zend Framework mailing list archive at Nabble.com.
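
The four hashing modes proposed in the message above, as an added example that is not part of the original post and not Zend Framework code. The mode constants, `shakeSalt()`, `verifyRow()`, `makeRow()` and the sample rows are hypothetical names and constructed data; `Zend_Auth_Hash` does not exist in the framework.

```php
<?php
// Hypothetical mode names mirroring the proposal; not a Zend Framework API.
const MODE_MD5      = 'MD5';
const MODE_SALTMD5  = 'SALTMD5';
const MODE_SHA1     = 'SHA1';
const MODE_SALTSHA1 = 'SALTSHA1';

// Build the stored value from the credential and the row's salt.
function shakeSalt(string $mode, string $credential, string $salt = ''): string
{
    switch ($mode) {
        case MODE_MD5:      return md5($credential);
        case MODE_SALTMD5:  return md5($credential . $salt);
        case MODE_SHA1:     return sha1($credential);
        case MODE_SALTSHA1: return sha1($credential . $salt);
    }
    throw new InvalidArgumentException("Unknown mode: $mode");
}

// Create a constructed table row with a fresh random per-row salt.
function makeRow(string $user, string $password, string $mode): array
{
    $salt = bin2hex(random_bytes(16));
    return [
        'username'     => $user,
        'passwordSalt' => $salt,
        'password'     => shakeSalt($mode, $password, $salt),
    ];
}

// Recompute with the row's own salt and compare in constant time.
function verifyRow(array $row, string $mode, string $submitted): bool
{
    $expected = shakeSalt($mode, $submitted, $row['passwordSalt']);
    return hash_equals($row['password'], $expected);
}

// Constructed sample data: two users who picked the same password.
$alice = makeRow('alice', 'correct horse', MODE_SALTSHA1);
$bob   = makeRow('bob',   'correct horse', MODE_SALTSHA1);

echo "alice, right password: "; var_dump(verifyRow($alice, MODE_SALTSHA1, 'correct horse'));
echo "alice, wrong password: "; var_dump(verifyRow($alice, MODE_SALTSHA1, 'wrong'));
echo "salted rows collide:   "; var_dump($alice['password'] === $bob['password']);
echo "unsalted rows collide: ";
var_dump(shakeSalt(MODE_SHA1, 'correct horse') === shakeSalt(MODE_SHA1, 'correct horse'));
```

The per-row salt is what keeps two users with the same password from sharing a stored hash; on current PHP, `password_hash()` and `password_verify()` generate and store the salt for you and use a deliberately slow algorithm instead of MD5 or SHA-1.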
