> whichever way you look at it, it comes out easier just to have the > separate field. > It's not that much work to add a field to a database table and it > reduces sooo many headaches later on.
I generate a random salt of constant length (8 characters) and tack it on the front of the hash and store that. Saves an extra field in the database and an attacker still needs your application logic to extract the hash/salt from it --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
