Hi Bill, > It's not necessary to md5 your salt before appending it to the password. > It's more important to use a distinct salt per user, and apply key > strengthening.
interesting stuff. But where should the distinct salt per user be saved? It feels quite wrong to store it in the database right beside the password. Or should it be combined from, lets say: user id, email address and registration date? Best regards, Ralf
