teccmo wrote:
>
> So any help or direction to articles on this would be much appreciated.
> Thank you.
>
"You're Probably Storing Passwords Incorrectly"
http://www.codinghorror.com/blog/archives/000953.html

"Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes"
http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html

PBKDF2 (Password-Based Key Derivation Function)
http://en.wikipedia.org/wiki/PBKDF2
(and of course other articles referenced by this)

It's not necessary to md5 your salt before appending it to the password. It's more important to use a distinct salt per user, and apply key strengthening.

I'd also recommend using sha256 instead of sha1. See the PHP hash() function.

Regards,
Bill Karwin

--
View this message in context: http://zend-framework-community.634137.n4.nabble.com/Guidance-on-storing-passwords-securely-tp2400394p2400591.html
Sent from the Zend Framework mailing list archive at Nabble.com.
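
Added example (not part of the original message, and not Zend Framework code): one way to combine the points above, a distinct random salt per user, key strengthening through PBKDF2, and SHA-256 instead of SHA-1. The function names, the stored record format and the iteration count are assumptions made for illustration; it assumes PHP 7.1 or later.

```php
<?php
// Added illustration: per-user salt + PBKDF2-HMAC-SHA256 key strengthening.
// Function names, record layout and iteration count are hypothetical choices.
const PBKDF2_ALGO       = 'sha256';
const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune to your hardware
const SALT_BYTES        = 16;
const KEY_BYTES         = 32;

function make_password_record(string $password, int $iterations = PBKDF2_ITERATIONS): string
{
    // Fresh random salt for every user, used as raw bytes (no md5 of the salt).
    $salt = random_bytes(SALT_BYTES);
    $key  = hash_pbkdf2(PBKDF2_ALGO, $password, $salt, $iterations, KEY_BYTES, true);
    // Store algorithm, iterations and salt beside the derived key.
    return implode('$', ['pbkdf2-' . PBKDF2_ALGO, $iterations, base64_encode($salt), base64_encode($key)]);
}

function verify_password_record(string $password, string $record): bool
{
    $parts = explode('$', $record);
    if (count($parts) !== 4 || $parts[0] !== 'pbkdf2-' . PBKDF2_ALGO) {
        return false; // unknown or malformed record
    }
    [, $iterations, $saltB64, $keyB64] = $parts;
    $salt     = base64_decode($saltB64, true);
    $expected = base64_decode($keyB64, true);
    if (!ctype_digit($iterations) || (int)$iterations < 1
        || $salt === false || $expected === false || strlen($expected) !== KEY_BYTES) {
        return false;
    }
    $actual = hash_pbkdf2(PBKDF2_ALGO, $password, $salt, (int)$iterations, KEY_BYTES, true);
    return hash_equals($expected, $actual); // constant-time comparison
}

function needs_rehash(string $record, int $target = PBKDF2_ITERATIONS): bool
{
    // True when the record was created with a lower work factor than the current one.
    $parts = explode('$', $record);
    return count($parts) !== 4 || !ctype_digit($parts[1]) || (int)$parts[1] < $target;
}

// Constructed sample data: two users who happen to choose the same password.
$alice = make_password_record('correct horse');
$bob   = make_password_record('correct horse');
var_dump($alice !== $bob);                                   // records differ because salts differ
var_dump(verify_password_record('correct horse', $alice));   // right password
var_dump(verify_password_record('wrong guess', $alice));     // wrong password
var_dump(needs_rehash(make_password_record('x', 1000)));     // old, weaker record
```

Because the iteration count is stored in each record, it can be raised later and older records re-derived at the user's next successful login.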
