On 4/19/08, Isaak Malik <[EMAIL PROTECTED]> wrote:
> That website mentions storing these hashes in the database just to make
> every password hash look different for every user, this only doesn't
> increase protection from brute force attacks; therefore I advise you to use a
> double salt, a static one which is located outside of your web root and a
> randomly generated salt to ensure that the hash will be unique.

What exact attack scenario is this "static [salt] which is located outside of your web root" supposed to protect against?

Mike

--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
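
The "double salt" arrangement described in the quoted message, as an added example that is not code from either poster. It assumes PHP 7 or later, uses the random salt that password_hash() generates as the per-user salt, and applies the static value as an HMAC key; the function names and the static value are constructed for illustration.

```php
<?php
// Added example, not code from the thread.
// Static value: in a deployment it would be read from a file outside the
// web root (an assumption here); this string is constructed for the demo.
$staticSalt = 'constructed-demo-static-salt-not-for-production';

function hash_password(string $password, string $staticSalt): string
{
    // Keyed pre-hash with the static value. The result is 64 hex
    // characters, which stays inside bcrypt's 72-byte input limit.
    $keyed = hash_hmac('sha256', $password, $staticSalt);

    // password_hash() draws a fresh random salt for every call and stores
    // it inside the returned string, so no separate salt column is needed.
    return password_hash($keyed, PASSWORD_BCRYPT);
}

function verify_password(string $password, string $stored, string $staticSalt): bool
{
    // Recompute the keyed pre-hash, then let password_verify() re-derive
    // the bcrypt hash using the salt embedded in $stored.
    $keyed = hash_hmac('sha256', $password, $staticSalt);
    return password_verify($keyed, $stored);
}

// Two users choosing the same password.
$alice = hash_password('correct horse', $staticSalt);
$bob   = hash_password('correct horse', $staticSalt);

// Random salt: the two stored strings are compared for inequality.
var_dump($alice !== $bob);

// Normal login checks with the static value available to the application.
var_dump(verify_password('correct horse', $alice, $staticSalt));
var_dump(verify_password('wrong guess', $alice, $staticSalt));

// Same stored hash and the right password, checked with a different static
// value, as would be the case for someone holding only the database rows.
var_dump(verify_password('correct horse', $alice, 'some-other-value'));
```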
