On Sat, Jul 16, 2011 at 10:51:08AM -0500, Austin H wrote: > Having a random salt really does make it much harder to crack the > passwords and I would highly recommend that. With a random salt they > would have to attack each password individually rather than attacking > them all as a group but a fixed salt will eliminate the use of rainbow > tables. > > However, I am not sure of the purpose of hashing it twice. And by the > way, please use sha256 or sha512 to avoid the collisions with sha1.
What's more, while there are rainbow tables for md5 and sha1, I don't think there is anything serious for sha512 (such a table would be gigantic) -- "C'est mieux, mais il y a plus cher ailleurs" : ____ _ _ _ _ ___ _ / ___| \ | | | | | / / | (_)_ __ _ ___ __ | | _| \| | | | |/ /| | | | '_ \| | | \ \/ / | |_| | |\ | |_| / / | |___| | | | | |_| |> < \____|_| \_|\___/_/ |_____|_|_| |_|\__,_/_/\_\ GNU/Linux fan && Archlinux user _______________________________________________ glob2-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/glob2-devel
